Email this page

Protection of customer data is job #1 at CRC Data . We deliver rock-solid system security to ensure that our systems and your data are never compromised. At CRC, we understand that you place a great deal of trust in us to guard and protect one of your most important assets, and we take that responsibility very seriously.

The security of customer information is the center of our business and our top priority. We make significant investments to continuously evaluate and enhance all components of our security systems to deliver privacy and peace of mind that your data is well-protected.

• Physical Security: Our primary data center near Atlanta, GA is a secured facility with 24-hour staffing, strictly-enforced accessprotocol, and all systems are completely redundant.
• Perimeter Defense: CRC monitors and analyzes all logs (server, firewall, and intrusion detection) to proactively identify and eliminate potential security threats. CRC regularly employs an outside security firm to evaluate our security system for vulnerabilities and upgrades and make comprehensive threat assessments.
• Data Encryption: CRC employs 128-bit Secure Sockets Layer(SSL) and proprietary data encryption methods, as well as virtual private network (VPN) technology to secure and encrypt every connection.
• User Authentication: Access to our system is restricted by authentication of user credentials, and all events are monitored and logged for security verification.
• Application Security: Each function of every CRC application is securable, and those without need to access any feature or function of any system simply do not see the feature. Data can be secured by division/region, as well as company (where clients handle data for multiple companies) as well as application components.
• Internal Systems Security: Internal systems are protected by
  • Network Address Translation (NAT)
  • Non-Routable IP Addresses
  • Port Re-direction
• Operating System Security: CRC hardens each server according to industry best practice, and then applies patches to test servers immediately upon release from the manufacturer. Production servers are patched immediately following every re-certification.
• Database Security: Only CRC’s qualified database administratorshave authority over production database schemas, and access to the database is tightly controlled via manufacturer permissions and IP Address filtering at our firewalls.
• Server Management Security: CRC’s clients alone have access to their data, and CRC employees do not access that data unless to provide direct support and training to that client.
• Reliability and Backup: All hardware and software critical to CRC systems operates in a redundant fashion. All client data is stored in highly-reliable and redundant Storage Area Networks (SAN). All data is synchronized with the remote site, backed up to disk within the primary datacenter, and them immediately backed up to tape for offsite storage.
• Disaster Recovery: CRC maintains two fully-functional redundant data centers to be able to resume operations in the event of primary site failure. CRC’s Chief Security Officer oversees a staff that maintains, enhances, and regularly tests CRC’s disaster recovery procedures, and we regularly make those procedures available for client inspection.