Townsgate is committed to protecting both its proprietary and customer data. To do this, Townsgate has established a formal information security program to ensure appropriate controls are in place to safeguard sensitive data from unauthorized access or disclosure. The Townsgate security program is comprised of both technical and procedural controls. Townsgate has employed advanced next generation firewalls with Intrusion Prevention System (IPS) at the network perimeter configured in pairs for high availability. Public facing systems are segmented within a DMZ, isolated from internal systems by a pair of next generation firewalls protecting the intranet. All servers reside within either Townsgate’s primary or secondary data center. Data centers are enterprise class co-location providing air handling, power and network connectivity. Townsgate maintains its own cage with access controls. Datacenters maintain SOCI/II reports which Townsgate reviews on an annual basis. Both data centers and operational facilities provide physical security controls including, video monitoring, access controls, environmental monitoring and alerting, and visitor policy and procedures. Townsgate is a Microsoft shop utilizing Active Directory for centralized user account management. Users are assigned a unique user name and password. Passwords are required to be complex, changed frequently and will lockout after a predetermined number of invalid attempts. User sessions are required to re-authenticate after periods of inactivity. Townsgate performs routine user account review to ensure appropriate entitlements and the removal of dormant accounts. All servers and workstations are built and hardened to the Townsgate baseline standard with servers performing a single role (e.g. IIS). Townsgate employs antivirus on all desktops and servers. Antivirus is centrally managed with definition updates pushed daily. Townsgate performs routine vulnerability scans and monthly patch management. A third party external penetration test is performed annually. Townsgate requires all sensitive data transmissions to be encrypted through the web (e.g. HTTPS), bulk file transfer (e.g. Secure FTP) and email transmission (e.g. TLS) using industry recognized algorithms. Sensitive data is encrypted within the database. End users are restricted from writing to USB and CD-R. Townsgate has deployed Security Incident Event Manager (SIEM) throughout the environment. The SIEM generates alerts which are reviewed by designated members of IT. Townsgate maintains an Incident Response Policy and Procedure to ensure incidents are investigated, resolved, and remediated. Townsgate maintains a Software Development Lifecycle (SDLC) for secure code development including, dynamic code scanning to detect potential security vulnerabilities. Developers do not have access to production data.