As a leading, employee-owned provider of policy lifecycle solutions for the industry, Andesa strives to meet comprehensive and contemporary data accuracy and security requirements, including the successful completion of annual Service Organization Control (SOC) examinations.
We’ve retained an independent public accounting firm for our SOC audit work, which examines the validity and functionality of Andesa’s policies and procedures, software development lifecycle, data centers, logical access, backup and disaster recovery, and other critical operational areas. Our clients can be confident that the highest level of internal controls and security is established and maintained.
For nearly forty years, we’ve demonstrated our ongoing dedication to the security and availability of our environment. Annual SOC audits include an examination of our policies and procedures, software development lifecycle, data centers, logical access, disaster recovery, and other critical operational areas. The controls and safeguards we employ to protect and secure data are aligned with industry standards and best practices.
- SOC 1® and Type II reports
- SOC 2® and Type II reports
- SOC 3® reports
Security information and event management (SIEM) provides real-time monitoring and analysis of events as well as tracking and logging of security data for compliance and auditing purposes. Our dedicated risk management team, including privacy and information security, reviews third-party services and systems for compliance with security requirements, confidentiality obligations, and privacy policies. In the event of a threat to our security, Andesa maintains a comprehensive security incident response plan.
Elements of Our Solutions
- Geographically separated Tier 3 data centers
- Routinely tested disaster recovery and business continuity plans
- Formal vulnerability management program
- Full encryption of data
- Multi-factor authentication for access to our network and client applications
- Information security policy and processes
- Independent and internal penetration testing
- Secure development training and practices
- Employee background checks
- Distinct development, test, user-acceptance, and production environments