PANGEA FOUNDATION SECURITY STATEMENT

Pangea Foundation’s information systems offer multiple layers of security to help ensure that the integrity of your data is never compromised. We know that security is crucial to you. That’s why we devote significant resources toward safeguarding and protecting your information.

Pangea Foundation’s world-class IT Infrastructure provides you with the option of multi-regional redundancy to give you peace of mind. Both our primary hosting data center in Grapevine, Texas and our backup hosting data center in San Diego, California meet the highest industry standards for physical security, system security, network security, and operational security.

Physical Security

Pangea Foundation’s multi-regional hosting package offers you the option of bolstering your disaster recovery plan with server redundancy in geographically disparate regions to ensure your data is protected in the event of a local, regional, or national disaster.

Live Server Hosting Environment
Pangea Foundation works with the leading managed hosting provider in the world—Rackspace®. Information about Rackspace can be found at www.rackspace.com. Pangea Foundation’s primary data center is located in Grapevine, Texas. To maximize security, Pangea Foundation ensures that the equipment it uses in its live hosting environment is dedicated equipment. In other words, Pangea Foundation does not share its equipment with other companies. Pangea Foundation also updates its server equipment regularly to ensure that current technology performance standards are met. The integrity of the equipment in our production hosting environment is proactively monitored 24/7. Following is a short list of physical security guarantees:

  • Rigorously monitored access to all data centers, using keycard protocols, biometric scanning protocols, and continuous interior and exterior surveillance
  • Unmarked facilities to help maintain a low profile
  • Data centers are isolated from everyone but authorized level three technicians, without exception
  • All data center employees undergo thorough background security checks before being employed
  • All data centers’ HVAC (Heating Ventilation Air Conditioning) systems are N+1 redundant ensuring that a duplicate system can immediately come online in the event of an HVAC system failure
  • All air is circulated and filtered every 90 seconds to remove dust and contaminants
  • An advanced fire suppression system is designed to stop fires from spreading in the unlikely event one should occur
  • All cables are securely tied down with cable racks suspended from ceilings providing dual routes for all cables, and in the unlikely event that all cables on a cable rack are cut or burned, packets of data will automatically be routed to a second set of cables on the other side of the data center
  • In the unlikely event of a total utility power outage, all data center power systems are designed to run uninterrupted supplied by conditioned UPS (Uninterruptible Power Supply) power
  • The UPS power subsystem is N+1 redundant, with instantaneous failover if primary UPS source fails
  • For extended utility power outages, routinely tested on-site diesel generators can run indefinitely
  • All data centers use only fully redundant, enterprise-class routing equipment
  • All routing equipment is housed in a secured core routing room fed by its own redundant power supply
  • Fiber carriers enter facilities at disparate access points to guard against service failure
  • Physical security audited by an independent firm

Backup Server Hosting Environment
Pangea Foundation’s backup servers are hosted at the San Diego Supercomputer Center (SDSC), which is located on the campus of the University of California, San Diego. SDSC is recognized as an international leader in High-performance Computing, Networking, Data Management, and Systems Security. SDSC is also a highly monitored facility that offers 24-hour surveillance and requires photo identification for access. The facility also has redundant electrical generators, redundant data center air conditioners, and other advanced technologies designed to keep servers continually running. More information on the San Diego Supercomputer Center can be found at www.sdsc.edu.

System Security

Dedicated Firewall
Pangea Foundation’s systems are protected by Cisco Firewalls. These fully managed devices include 24/7 monitoring by Rackspace Managed Network Security staff. All of Pangea Foundation’s equipment is dedicated and used exclusively by its clients. A dedicated firewall acts as a protective barrier to keep destructive forces away from your mission-critical data. Unlike shared firewall devices that leave the possibility of unauthorized access by any other customer sharing the same firewall, a dedicated firewall provides protection exclusively to your server, and ultimately, a greater level of security for your peace of mind.

Although software firewalling has its place, it does not offer the same level of security as a dedicated hardware device. The Cisco switches, routers, and firewalls that we employ in production perform Stateful Packet Inspection (SPI) and allow for traffic logging, auditing, and shaping. Additional security options such as Virtual Private Network access are not available with software or shared firewall solutions.

Virtual Private Network
In addition to filtering traffic, a dedicated firewall allows for a more secured form of communication with the implementation of a Virtual Private Network (VPN). A VPN encrypts all information between Pangea Foundation’s production and hosting environments.

Reliability and Backup
All networking components, Web servers, and additional application servers are configured redundantly. All customer data is automatically backed up on a nightly basis, and system patching provides ongoing protection from exploits. Each day's backup is stored in both locations within 24 hours. Data backups are retained for two weeks on Pangea Foundation’s primary servers and archived indefinitely on its backup servers.

Independently audited disaster recovery and business continuity plans are in place for the headquarters and support services of Pangea Foundation’s live hosting organization. In the unlikely event that its primary hosting facility went offline due to a national disaster and this disaster recovery and business continuity plan was insufficient, Pangea Foundation’s backup hosting facility has contingency planning to be up and running with the most recently backed up data from any of its systems within 24 to 48 hours.

Network Security

Without the best network, world-class Web applications can become average. It’s one of the reasons Pangea Foundation chose Rackspace as its primary hosting provider. Rackspace is known for designing The Zero-Downtime Network™. The Zero-Downtime Network gives Pangea Foundation 100% network uptime. How is this achievable?

  • Not using its network for purposes other than managed hosting—no telecom or cable TV services take priority over customer needs;
  • Using only high performance bandwidth, unlike cheaper hosting providers;
  • Partnering with nine network providers to provide multiple redundancies in information flow to and from data centers and end users;
  • Fiber carriers enter data centers at disparate access points, protecting the network from complete service failure in the unlikely event of a network outage;
  • Rackspace’s Proactive Network Methodology continually monitors and automatically improves the network topology and configuration in real-time based on route efficiency and end-user performance, ensuring the fastest and most reliable network connections;
  • Maintaining low overall network utilization, providing resiliency from the largest Internet routing issues;
  • A highly redundant network configuration co-developed with Cisco to protect against single points of failure at the shared network level;
  • Partnering with Cisco and Arbor-Networks to create ever-improving methods to monitor and secure the Rackspace network from intrusions.

Operational Security

The security of your Web application is critical to protecting your information, your organization, and the people you serve. Pangea Foundation ensures that your Web application is compliant with the latest regulations and mandates. These days the risks and regulations are so numerous and dynamic that it’s easy to fall behind on the specifics and end up with a false sense of security. After all, what was compliant last year might not be compliant this year. Pangea Foundation draws on broad knowledge and a conscientious commitment to understanding sophisticated application development methods and advanced vectors of attack.

Authentication
Users of Pangea Foundation’s secure Web applications may only access these systems with a valid username and password; all traffic to these systems is encrypted in transit using 128-bit SSL. Users may not use passwords that fail to meet Pangea Foundation’s defined security standards. An encrypted session ID cookie is used to uniquely identify each user, and this session ID is automatically regenerated at periodic intervals.

Security “Timeout”
In order to comply with security regulations, protect the privacy of sensitive data, and protect you from liability, Pangea Foundation’s Web applications “timeout” if users do not interact with the database for more than 20 minutes by clicking the “submit” button or requesting a new page. If the session has been idle for more than 20 minutes, the user must log in again. The timeout is a security feature designed to prevent someone other than the logged-in user from accessing information. It’s especially important in environments where users are frequently called away from their computers.

Secure Sockets Layer Encryption (SSL)
The safe and reliable exchange of data is more crucial than ever in today’s Internet environment. Authenticating user identity is not only a best practice, it’s a privacy and security requirement necessary to comply with numerous regulations, including Federal HIPAA guidelines.

Encryption forms the basis of data integrity and privacy necessary for Web commerce today. Secure Sockets Layer Encryption, or SSL, is an advanced encryption technology that protects Pangea Foundation’s Web applications. Without encryption, the integrity of information transmitted through public and private networks can be compromised. SSL uses public key encryption methods to verify the authenticity of a server or client and encrypt communications between them. SSL encryption protects network access, online communications, and digital communications by creating a secure channel between Pangea Foundation’s infrastructure and Pangea Foundation’s users.

Pangea Foundation offers strong encryption options to secure your data and communications, including the 128-bit VeriSign SSL Certificate. Trusted by more than 500,000 businesses, VeriSign is the SSL Certificate provider of choice for more than 93% of the Fortune 500 and the top 10 banks in the United States. A more affordable SSL Certificate that is considerably faster to implement is the SSL 123, capable of 128-bit encryption for securing your data transactions. Although its issuing process isn’t as thorough as VeriSign’s, it’s considered an effective option for encrypting data transmitted from sensitive applications to users online.

Security Compliance
The threats, solutions, and regulations are so many that it's hard to keep track of your security environment. To be sure we have dotted our “Is” and crossed our “Ts”, Pangea Foundation uses the services of AmbironTrustWave, the expert in Web application security, to conduct an independent security audit of our Web applications. This vulnerability assessment service runs every three months and does the following:

  • Detects over 3,000 security vulnerabilities within the Web application environment
  • Validates compliance with:
    • Health Insurance Portability and Accountability Act (HIPAA)
    • Sarbanes-Oxley (SOX)
    • Payment Card Industry (PCI) Data Security Standards
    • Gramm-Leach-Bliley Act (GLBA)
    • Federal Information Security Management Act (FISMA)
    • Statement on Auditing Standards Number 70 (SAS-70)

This discerning third-party assessment, combined with Pangea Foundation’s dedicated servers and network equipment, trusted data center hosting partners, and application-side security, ensures that your hosted environment will be as secure as you expect.

Access
Each year, Pangea Foundation’s staff members must sign updated confidentiality agreements acknowledging, among other things, that all customer data is owned solely by the customer and it must be kept confidential and secure. Access to confidential information is restricted to authorized personnel only. Pangea Foundation and hosting provider employees do not have direct access to the production equipment, except when necessary for system management, maintenance, monitoring, technical support at the customer’s request, and backups. All staff members at Pangea Foundation and hosting partners with access to live equipment are thoroughly background checked, including fingerprint background checks to ensure that employees meet the highest levels of integrity. All Pangea Foundation employees are trained on our strict information security and privacy procedures, including HIPAA training.

© 1996–2008 Pangea Foundation, Inc. All rights reserved. Various trademarks held by their respective owners.