We have compiled the following list of questions and answers regarding specific aspects of the security protocols offered by sbaOpen. We update the questions and answers on a ongoing basis.
To access our privacy statement for this website, please follow this link.
For more detailed information about our security protocols and procedures, please contact us.
To download the questions below in PDF format, click here.
1) Does sbaOpen have a Disaster Recovery or Business Continuity Plan?
Yes. sbaOpen has an operational Disaster Recovery Plan that we test annually.
2) Does sbaOpen have a SAS 70 Type II audit?
sbaOpen’s hosting provider is SAS 70 Type II compliant. We are able to share their latest complete audit with current and qualified prospective clients.
3) Where is client data stored?
Our client’s data is stored on servers hosted and maintained at a best-in-class hosting company in the United States.
4) Who has access to data stored on sbaOpen’s servers?
Only sbaOpen authorized personnel have access to data stored on sbaOpen’s servers. During technical support calls to sbaOpen, if necessary, our staff asks for permission from the user to view their data.
Access to our hosting provider’s data centers is protected 24 hours a day. In order to gain entry into the data center all guests must pass through two-factor authentication barriers. Shifts patrol the data center and facility area regularly, and motion-sensitive cameras throughout the facilities track all data center activity.
5) How does sbaOpen back up data?
sbaOpen performs daily incremental and weekly full back ups of all customer data. All full backups of data are recorded to removable media (tape or DVD) and stored off-site at a secure location.
6) How is the sbaOpen system monitored?
All parts of the sbaOpen application (Network, Servers, Application and Database) are monitored 24/7/365 by sbaOpen IT staff. Any event that disrupts availability or potentially compromises security is logged and immediately notifies sbaOpen’s IT staff via email and SMS.
7) What are sbaOpen’s connectivity and availability standards?
sbaOpen’s application is designed for 24/7/365 availability. Our Connectivity standards are outlined in our Service Level Agreement (SLA). We can provide our SLA to all clients and qualified prospective clients.
8) Does sbaOpen use a firewall?
sbaOpen uses a Checkpoint VPN-1 Edge (16) firewall.
9) Is client data encrypted?
sbaOpen maintains an SSL certificate for all traffic to and from our application servers.
10) How many users can be online with sbaOpen concurrently?
sbaOpen has been designed to serve many concurrent users simultaneously. As our service and client base grows, sbaOpen will also scale our server infrastructure to ensure we have the capacity to meet all of our clients’ needs.
11) How does sbaOpen notify clients of standard maintenance and/or service disruptions?
sbaOpen performs regular maintenance to our hardware and software infrastructure to ensure the highest level of security and optimal performance of our application. We notify our clients at least 48 hours before any standard maintenance operation via the administrative email we have on file.
sbaOpen’s IT staff are notified of any unscheduled disruption of service immediately via email and SMS. sbaOpen will notify our client community within 24 hours of such a disruption via an email that outlines the reason behind the disruption, sbaOpen’s resolution and planned prevention of future disruptions.
12) Does sbaOpen protect users from virus, malware and spyware?
sbaOpen’s system is designed to detect and deter Virus, Malware and Spyware at the router level. System vulnerabilities related to application components are identified and fixed on a per-event basis and our IT staff remains connected to relevant reports about such issues from all component vendors. Finally, because sbaOpen’s application does not “run” any external applications, open documents, or access other websites/services, threats from these vectors are not applicable to the system.
Further, our hosting provider’s network infrastructure is specifically designed to detect and subvert any DDoS attacks automatically. They use state-of-the-art traffic profiling and anomaly detection capabilities to manage and secure their networks, pinpoint and troubleshoot network attacks, monitor servers and applications, and analyze network security performance issues.
13) How long does it take to add or disable a user?
sbaOpen is able to add and remove access within 24 hours. Our clients also have access to an administrator panel that will allow them to disable access to any user account immediately.
14) How long is data maintained in the sbaOpen system, and what happens to a client’s data if they discontinue using sbaOpen?
sbaOpen’s current policy is to maintain our clients' data indefinitely. This may change over time as our community grows.
While our service is custom built, our system is based on standard SQL database protocols. sbaOpen intends to provide our clients the ability to download all of their data as PDF reports on demand.
15) Does sbaOpen require complex passwords?
sbaOpen requires complex passwords for all users of the system that expire regularly.
