Security Policy

Last updated September 6th, 2022

Applied Data Consultants, Inc., and its affiliates (“Applied Data Consultants,” “Elite EXTRA,” “we,” “our” or “us”) have implemented the following information security program to protect our organization and our customer’s data.

Security controls

1. Network & infrastructure security
   1. Requires business need to access the production environment.
   2. Requires connections over encrypted VPN to access the production environment.
   3. Centralized, auditable logs of operations in production environment.
2. Data security
   1. Data encrypted at rest and in transit
   2. Backups and recovery
      1. EXTRA utilizes a point-in-time recovery backup solution. The application aggregates the continuous stream of data and transactions in the form of write-ahead logs from database servers. It also creates full backups of the last five days. Utilizing this combination approach EXTRA can restore customer data to any point in time within the previous five days.
   3. Retains data in line with Privacy Policy.
      1. EXTRA does not share any customer data with other entities and only collects and maintains data directly related to the operation of the Elite EXTRA service.
      2. Data is categorized by our internal data classification policy. Generally all access is based on the ‘need-to-know’ principle. Data that is categorized as non-public (private, restricted, confidential, etc) has strong access controls in place. Controls include user permission/role based access, encryption at rest, encryption in transit, facility security, non-disclosure agreements, secure data disposal policy.
      3. Depending on the customer requirements, data may be stored in our colocated regional data centers as well as cloud service providers: Digital Ocean, BackBlaze, AWS, Wasabi.
3. Regulations and compliance standards
   1. HIPAA
      1. EXTRA can be configured for HIPAA compliance, including electronically protected health information (e-PHI).
   2. NIST 800-171
   3. FTC Safeguards
4. Risk Assessment
   1. Monthly review and audit of identified risk.
   2. Vulnerability Scan
      1. EXTRA undergoes a weekly automated vulnerability scan of our external facing web services. This scan focuses on the OWASP (https://www.owasp.org) known vulnerabilities. During our release cycle our team reviews the security audit logs and addresses all reported issues.
5. Application security
   1. Requires a peer review for source code changes.
   2. Regularly conducts audits of our source code.
   3. Regularly reviews potential vulnerabilities in our environment and applies relevant patches.
   4. Orchestration tools manage all host environments (provisioning, patching).
   5. Continuous Integration server manage all code releases.
   6. CVE alert notifications monitored daily
6. Best practices
   1. Checks references for all new employees.
   2. Requires new and existing employees to regularly complete security awareness training.
   3. Requires new employees to sign a non-disclosure agreement.
   4. Reviews new vendors prior to using their services, and existing vendors at least annually.

Changes to this Security Policy

This Security Policy may be modified from time to time, so please review it frequently. Changes to this Security Policy will be posted on our websites. Security, confidentiality, integrity, and availability concerns should be reported to security@eliteextra.com. Reported issues will be promptly evaluated and remediated by our security team.

Please fill out the form:

(Fields marked with a * are required)