As a data processor, Proofpoint is committed to maintaining the privacy and confidentiality of the personal data entrusted to us. We have a documented Information Security Program describing how technical and administrative security controls are implemented to protect personal data and the physical locations in which it is hosted.
Our North American co-location facilities perform annual SOC 1 or SOC 2 audits and European co-location facilities maintain ISO 27001 certifications. Access controls mechanisms are established for physical and logical access to the facilities and the infrastructure hosting the services. All physical and logical access is logged and analyzed for inappropriate access. Physical security controls for the facilities hosting the services include 24x7 on-site security, local and remote security and environmental monitoring, and redundant power and environmental controls. Physical and logical access authentication for Proofpoint personnel is performed using two-factor authentication and is granted based on the employee’s role.
We have built state of the art automation tools, designed to ensure system integrity at the application level. A highly trained team of security professionals is responsible for documenting and deploying security controls. A separate team is responsible for performing Continuous Monitoring to ensure that these controls remain effective and in-place.
The infrastructure hosting the SaaS services is actively monitored with agents collecting hundreds of metrics specific to hardware, networking, and the OS. These metrics are compared against well-established baselines. Alerts are automatically generated when thresholds are crossed and escalation schemes are systematically enforced so that potential issues are addressed in a timely manner. Operations personnel are available 24 hours a day, 7 days a week to respond to any infrastructure issues.
© 2022. All rights reserved. The content on this site is intended for informational purposes only.
Last updated August 23, 2022.