Summary of CS STARS security measures in place to protect your critical data
- CS STARS utilizes industry standards in firewalls, IPS and IDS, malware protection and a formal SDLC (System Development Life Cycle).
- CS STARS data backup and replication process is online – no tapes. Transmissions outside of our data center are encrypted with SSL at a minimum of 128-bit strength.
- We utilize DAR (Data at Rest) encryption for our client data. All company laptops are required to have whole disk encryption installed and enabled.
- CS STARS has completed a Statement on Standards for Attestation Engagements No. 16 (SSAE16) examination and received its unqualified Service Organization Controls Report (SOC 1 Report Type II). The year-long independent SSAE16 examination, which took place at CS STARS’ two RMIS data processing centers located in Chicago and Amarillo, Texas, verified that our controls are appropriate for meeting our desired objectives and included tests to ensure the controls are followed.
- CS STARS utilizes an independent, industry-recognized technology consulting firm to assess our security posture. Vulnerability assessments are performed on a quarterly basis, and penetration and web application security tests are performed annually.
- Our data center, hosted by Savvis, features N+1 redundant Uninterruptible Power Systems (UPS) and diesel generators, advanced fire detection and suppression systems and redundant HVAC. Physical security is maintained with 24/7 staff, with video surveillance of common areas, mantraps, passageways and ingress/egress, and biometric access controls.
- Our Information Security and Compliance officer reports directly to the Chief Financial Officer to ensure full independence from the IT management team and staff.
- Marsh & McLennan Companies and CS STARS executive management have established risk management and information security teams that are responsible for assessing business risk and preparing, reviewing and testing plans to maintain business operations, establishing and implementing security policies, and advising on implementation of security products and procedures that comply with its policies. Employees, contractors and vendors are responsible for compliance with all applicable policies and procedures.