Committed
to Safeguarding Your Data

Nothing is more important than protecting our customers’ data. We encrypt all data from login to logout, holding ourselves to the highest encryption standards.

Security practices

Always Up and Running

Total Expert’s products run on best-in-class infrastructure at AWS data centers. Each AWS data center is restricted by biometric authentication, keycards, and constant surveillance. This ensures that only authorized engineers have access to routers, switches, and servers.

AWS’s power systems deliver conditioned power while protecting against sags, surges, swells, spikes, and electrical noise. Uninterruptible power supplies (UPS) provide instant failover for continuity during a power outage, with on-site backup generation facilities prepared for extended outages.

Total Expert Security Operations

We are always on the lookout for breaches and system interruptions. We’ve invested in detecting and responding to security events and incidents that impact infrastructure.

Respond to Infosec and US-­CERT alerts within 24 hours. Incidents are responded to in a timely manner and communicated to relevant parties.

 

Corrective actions are executed. Lessons learned are relayed to every department and team.

Root cause analysis is performed. We follow the 5 Whys technique to explore the underlying problem.

Network Security

Your data is protected at all times. We take multiple steps to prevent eavesdropping between systems, as well as within our infrastructure.

All network traffic runs over SSL/HTTPS, the most common and trusted communications protocol on the internet.

Our virtual systems are replaced on a regular basis with new, patched systems. We’re relentlessly updating our systems to protect your data.

System configuration and consistency is maintained using a combination of configuration management, up-to-date images, and continuous deployment.

We separate the database instances from application servers physically, and believe in the mantra of single­-function servers.

All login pages pass data via SSL/TLS for public and private networks, and only support certificates are signed by well­-known certificate authorities (CAs).

All email and CRM credential­-related data is encrypted while in transit using military-grade encryption.

Total Expert application passwords are hashed, and even our own staff can’t retrieve them.

Total Expert offices are protected behind network firewalls from recognized security vendors and secured by keycard access.

Collaborative tools like email, document shares, and calendars require two­-factor authentication to mitigate phishing attacks.

Critical infrastructure passwords are locked in a virtual vault using AES­256 encryption and can only be accessed by specific professionals within the organization.

Data-protection techniques

Logging

Logging is a critical component to Total Expert’s infrastructure. Logging is used extensively for application troubleshooting and issue investigation. We collect everything to form a complete audit trail of user activity.

All login pages pass data via SSL/TLS for public and private networks, and only support certificates signed by well­-known Certificate Authorities (CAs).

All email and CRM credential­-related data are encrypted while in transit using military-grade encryption. Total Expert application passwords are hashed and even our own staff can’t retrieve them.

 

Data Protection, Continuity, and Retention

Production data is mirrored to remote systems and automatically backed up daily to an off-site location.

We test our recovery procedures regularly by restoring from backup and simulating the recovery of a production database.

Our backup retention varies by function and business impact. The minimum backup retention for all systems is seven days and goes up to 90 days.

Our production applications are deployed in multiple locations which can sustain the loss of an entire data center in a region.

 

California Consumer Privacy Act (CCPA)

For Total Expert’s customers, Total Expert is a “service provider” under the CCPA. We process personal information only on behalf of our customers, pursuant to written contracts. Those contracts, which are already in place, permit Total Expert to process our subscribers’ data (including personal information) only for the purpose of providing our services.

While we necessarily have to process personal information transmitted through our network, we do not sell that information to third parties.

For more information: https://info.totalexpert.com/security-ccpa

Deliver the total experience, every time–with Total Expert.