Operational Security Information

As a data processor, Proofpoint is committed to maintaining the privacy and confidentiality of the personal data entrusted to us. We have a documented Information Security Program describing how and which technical and administrative security controls are implemented to protect personal data and our requirements for the security of physical locations in which it is hosted.

We use the following North American co-location facilities and cloud providers which perform annual SOC 2 audits: Cyxtera LLC, DataBank Ltd, and Equinix (co-location facilities) and AWS and Google Cloud (cloud providers).

Additionally, the following European co-location facilities and cloud providers maintain ISO-27001 certifications: Equinix EU (co-location facility) and AWS (cloud provider).

Access controls mechanisms are established for physical and logical access to the co-location facilities and the infrastructure located within these facilities. All physical and logical access to co-location facilities is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24x7 on-site security, local and remote security and environmental monitoring, and redundant power and environmental controls. Physical and logical access authentication for Proofpoint personnel is performed using two-factor authentication, and such access is granted based on the employee’s role.

We have built state of the art automation tools, designed to ensure system integrity at the application level. A highly trained team of security professionals is responsible for documenting and deploying security controls. A separate team is responsible for performing continuous monitoring to ensure that these controls remain effective and in-place.

The infrastructure hosting the cloud-based services is actively monitored with agents collecting hundreds of metrics specific to hardware, networking, operating systems, and security. These metrics are compared against well-established baselines. Alerts are automatically generated when thresholds are reached, and escalation schemes are systematically enforced so that potential issues are addressed in a timely manner. Operations and security personnel are available 24 hours a day, 7 days a week to respond to any infrastructure or security issues.

© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated May 15, 2024.