Security Overview

Last updated: November 2024

Alpine Anchor is committed to providing highly secure and reliable automation and analytics solutions. We maintain the confidentiality of our clients’ information and ensure that their data is available when needed through the use of proven, tested, best-in-class security tools, technologies, practices, and procedures.

Compliance

HIPAA

Alpine Anchor maintains HIPAA compliance standards as a Business Associate and is able to sign a Business Associate Agreement (BAA) with customers requiring protected health information (PHI) handling.

PCI

For processing credit card payments, Alpine Anchor uses PCI-compliant Level 1 payment processors that maintain the highest standards of payment security.

Hosting Environment and Physical Security

Alpine Anchor leverages enterprise-grade cloud infrastructure from Microsoft Azure. As a Microsoft Partner, we adhere to Azure Well-Architected Framework standards and best practices for our cloud environment. Our infrastructure can be deployed in various Azure regions based on client requirements and compliance needs.

Network Security

  • All web traffic is encrypted and accessible only over HTTPS
  • Strong encryption algorithms with minimum 128-bit key length
  • Support for secure protocols including HTTPS, SFTP, and FTPS
  • Multi-tier architecture segregating internal systems from the public internet
  • Azure Application Gateway with Web Application Firewall (WAF)
  • Private Virtual Network deployment for internal systems
  • Comprehensive Network Security Groups and routing rules
  • Azure Monitor for centralized secure logging

Authentication

  • Enforced password complexity and expiration standards
  • Optional Two-Factor Authentication (2FA) support
  • Encrypted credential storage using 256-bit keys

Access Control and Monitoring

  • Role-Based Access Control (RBAC)
  • Separate development, test, and production environments
  • Comprehensive user activity audit logs
  • Central management console (Horizon Base Camp)

Application Development

Our software development lifecycle incorporates:

  • Documented security and privacy considerations
  • Design and code reviews
  • Third-party dependency scanning
  • Automated code and secret scanning
  • Comprehensive unit and integration testing
  • Regular security training for development staff

Vulnerability Management

  • Regular internal vulnerability scanning
  • Risk-based vulnerability remediation
  • Continuous security monitoring

Data Privacy

  • Comprehensive privacy policy
  • Data Protection Addendum support
  • Regular privacy impact assessments

Data Protection

  • All data encrypted at rest using AES-256
  • Configurable data retention periods
  • Configurable retention policies

High Availability

Our platform is designed for high availability through:

  • Redundant service clusters
  • Use of multiple Azure Availability Zones
  • Continuous database replication
  • Business Continuity and Disaster Recovery planning

Incident Response

  • 24/7 security monitoring
  • Automated security and performance alerts
  • Documented Security Incident Response Plan
  • Dedicated incident response team

Our Organization

  • Background checks for all employees
  • Mandatory security awareness training
  • Principle of least privilege access
  • Regular access rights review
  • Dedicated security personnel

Vulnerability Disclosure

Alpine Anchor welcomes reports of potential security vulnerabilities. Reports can be submitted to [email protected]. We will acknowledge all reports and keep reporters informed of their status.

Note: Automated scanning of our systems is not permitted and may result in IP blocking.

For more information about our security practices or to request detailed security documentation, please contact your Alpine Anchor representative.