Security

Our multi-layered approach to the overall Security Program ensures that your data is protected at multiple levels across the enterprise. By utilizing multiple levels of protection, we ensure that the failure of any single security control does not result in data integrity issues, or worst yet, a data breach. Below is just a small sample of some of the various controls we have in place.

Administrative Controls

• Policies and standards
• Data governance process
• Stringent employment qualification
• Mandatory ongoing training and background checks
• Regular 3rd party validation of controls by nationally recognized auditing firms
• Change management process

Logical

• Systematic user access management programs including 2 factor authentication and dynamic risk scoring
• Encryption
• Firewalls, intrusion detection systems and monitoring
• Ongoing security vulnerability assessments starting at the network level all the way through the application level

Physical

• On-site dedicated physical security personnel
• Biometric authentication at key access points
• Geographic diversity of service
• Multi-level control and monitoring systems at all access points

Our systematic approach ensures that security is embedded in all aspects of our business across the enterprise. We recognize people are an important component of the overall Security Program and support that understanding with stringent hiring processes, continuing education in security, and enterprise wide participation in the security program. We ensure that our security culture is leading edge and second to none. Our employees understand that the security of your data is everyone's responsibility at HOPS. HOPS makes the security and privacy of your data our number one priority.

A dedicated compliance department is focused on ensuring that as industry standards and regulatory requirements continue to evolve, our security programs continue to evolve with them. While we specifically focus on adhering to the following standards, special attention is given to the effectiveness of the overall security program so that we know your data is secured.

• Centers for Medicare and Medicaid Services (CMS-BPSSM)
• Health Insurance Portability and Accountability Act (HIPAA)
• Payment Card Industry (PCI) Certification in progress, scheduled for completion by March 2009
• SAS-70, report to be published in January 2009
• ISO-27001 "ISO27k" Information Security Management System certification standards, slated for 2009

24 hours, 7 days a week, every day of the year, veteran staff maintains the security of your data.

As a leading information technology corporation, HOPS maintains corporate policies that ensure stringent physical, administrative, and technical security to guard the integrity, availability and confidentiality of the information in our custody.

With a combined experience of 50+ years, our team has four Certified Information Security Services Professionals (CISSP), a globally recognized standard of achievement, so you can sleep soundly at night knowing your data is in good hands.

• Staff has a broad cross section of degrees, certifications and experience that enables them to achieve success. Certified security professionals, numerous HP, Microsoft and Cisco certified engineers, BA, BS and MBA degrees within this team, as well as military and audit backgrounds.
• Over 40 years of payment processing experience present in the management level within the IS team.
• Three team members have extensive 24x7 issuing processor experience building over five data centers, and three call centers all in compliance to Federal regulatory requirements and PCI standards.