Security Policy Statement
Websystems Inc. takes data protection very seriously. In order to safeguard your data and confidential information, we have established the following policy with regard to hardware, software, networking and general business practices.
General Security
Since security is an important factor for our business and credibility, we hired an experienced consultant to assess our level of data safety. This professional inspected AceProject thoroughly and outlined some security holes, which we promptly closed. Moreover, with this consultant, we established a plan to keep our guard up and stay ahead of pirates and hackers.
Physical Security
AceProject is hosted on dedicated servers with Windows Server 2003 technology, 4 gigabytes of memory, a SCSI RAID-1 hard drive and dual 2.4 GHz Intel Xeon processors. A secondary SCSI drive is installed for a mirror backup. AceProject's servers are behind a strong firewall machine that safeguards against hacker attacks.
Network Security
We use a web hosting service located in Chicago, Illinois, in the United States. MaximumASP utilizes a scalable, redundant "bandwidth-on-demand" solution. Depending on network traffic and nationwide bottleneck status, our web server traffic is routed down multiple OC-3 Internet connections to national Internet backbones AT&T and Qwest. Our local connectivity is through BellSouth, KDL and Adelphia via high-speed SONET OC-48 connections.
Software Security
AceProject's servers run on Windows Server 2003. All security patches for Windows Server 2003 have been applied on our servers. Our administrator is in charge of keeping up-to-date on current vulnerabilities that may affect our environment. Our policy is to apply new patches as soon as possible. Critical updates are applied within 24 hours.
AceProject's servers are also equipped with a powerful antivirus software suite. The software's virus definitions are updated every day, and the servers are scanned for viruses every night. All files uploaded to the servers, for example file attachments, are automatically scanned for viruses. Whenever a virus is found, it is removed immediately.
Our firewall is a physical gateway that stands between the Internet connection and the servers.
Data Security
Backups are performed daily, at night, and kept on the servers' secondary SCSI disk. Every Sunday evening, all client databases, excluding file attachments, are backed up to an external medium.
AceProject has an SSL certificate from InstantSSL.com. This means all Hosted package users connect to AceProject via a secure 128-bit SSL-encrypted connection.
In case of a security breach
As soon as we become aware of a security breach and that data has been accessed without authorization, AceProject will contact the affected persons and/or businesses without delay. Furthermore, AceProject will do everything in its power to remedy the situation and prevent its further occurrence. This could cause a short downtime on the servers in order to protect client data while we implement corrective action on the breach. Since 2001, we have never been hacked.
Confidentiality
Websystems makes every effort to preserve the privacy of the information its servers contain. Websystems will never sell, share or publish its clients' data.
Websystems will never share or sell email addresses with third parties.
All file attachments are located in a secure zone of the servers that is only accessible to users configured in the account to which the files belong. Any other AceProject user or unauthorized visitor cannot access these files.
When a client closes his/her AceProject account, the account data is deleted permanently from the servers. However, since client databases are backed up weekly, a client database can be recovered from the external media.
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law, where we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
Password Encryption
Passwords are encrypted with the "md5" cryptographic algorithm. Thus, passwords are case sensitive and are visible neither to us nor to your account's administrators. This keeps the security of your data at a very high level. If you forget your password, you will have to use the "Forgot Password?" link to enter a new one, since it cannot be retrieved.