Security

 
Data Security

ePly’s servers are housed in a state-of-the-art data centre. Multiple redundancies and backups have are in place, combined with advanced electrical and fire suppression systems to make sure that your data is safe in almost any emergency situation. See below for the specifics about the data center we use.
  

Secure Process

ePly uses SSL (Secure Socket Layer) encryption when collecting data entered on registration forms, the same technology used with online banking. Credit card numbers are never stored on our servers at any time, and ePly is fully compliant with the Payment Card Industry (PCI) Data Security Standard, a constantly evolving set of protocols created to reduce credit card fraud.
  

Secure Policy

ePly’s staff understands the importance of keeping potentially sensitive information confidential. We will never reveal sensitive information, ask for your password or give system access to a caller unless we can verify their identity.
  

Privacy

In an online landscape increasingly hostile to an individual’s confidentiality, our Privacy Policy is clear: your data belongs to you, and no one else. Not all registration software providers can say the same.

Our organization and servers are located in Canada, so your data does not fall under the jurisdiction of the US Patriot Act. Our data privacy policy can be viewed here.
  

Data Centre Technical Specifications

Data Centre

  • Brand new, state-of-the-art facilities located in a AAA-rated building.
  • Dual electrical grid connections from independent substations.
  • Internally redundant, bypassable 250 kVA UPS systems.
  • Dedicated backup generator with manual bypass to second non-dedicated backup generator in the event of generator failure.
  • Infrastructure built to comply with seismic code.

All of the data is mirrored to a separate hard drive within the server. If one drive was to fail, the system will remain running without interruption while the damaged drive is replaced. Also, all data is backed up to tape everyday and stored off site. The transfer of the tape back ups to the storage vault is handled by a bonded company that also handles data for banks and other financial companies.

Network

  • Fully redundant core switches, routers, and load balancers, utilizing 802.1w rapid spanning tree protocol (RSTP) for split-second failover and high availability.
  • Multiple GigE backbone trunks for fast network performance and traffic spike tolerance.
  • 100% uptime guarantee (with specific SLA).
  • 24 x 7 environment and network monitoring and response.
  • Multiple, fault-tolerant upstream fiber connections.
  • Burstable and uncapped bandwidth to every customer, at a minimum connection speed of 100 Mbps.
  • Broadcast and internal (non-Internet) traffic is unmetered!
  • Multi-homed network with BGP-advertised address space and connections to multiple Tier-1 providers:2 x GigE (Big Pipe, Level 3)
  • 1 x OC-12 (MCI)
  • 1 x 100 Mbps (VAIX)
  • Latency-optimized routing with excellent connectivity to Canada, U.S., and Europe.

Security

  • 24 x 7 building security monitoring and engineering response.
  • Elevator, office, and server room doors monitored for unauthorized or forced entry with local and building security response.
  • “Mantrap” entry with key card and biometric access authentication.
  • Segmented colocation and main server rooms.
  • 24 x 7 CCTV (closed circuit television) surveillance and recording.
  • Closed wiring conduits for all wire and fiber outside of the server room and within the colocation room.
  • Limited staff access to server rooms.
  • Access logging on all key card doors.
  • Rotated off-site backups.

Server Specifications and Scalability

Anytime that ePly does server maintenance it is scheduled for late night and is only for a 10 to 15 minute period usually not more than once per month. If anyone attempts to access a registration form during this time they will see a message saying that we are working on the server and to try again in 15 minutes. In the very unlikely event that the servers were destroyed and we needed to start fresh with a new server, we have, in practice, been able to rebuild the server, restore the database and be fully operational in less than 12 hours. If the entire data center was out of service, ePly would restore a backed up version of the database to a server already running in ePly’s office until a server in another datacenter could be arranged. While this work was taking place, people attempting to register for an event could be directed to call our toll free phone number to register. Our staff would take registrations by phone and then enter the data into the system once it was restored.

The ePly software and the current server configuration are designed to handle a very high volume of registrations per hour. As greater capacity is needed the system will be scaled to meet the demand with no interruption of service.

See more at: http://www.eply.com/services/faq/#sthash.MDGXMVdU.dpuf.