PLEASE READ THIS CLIENT SERVICES SECURITY & PRIVACY POLICY CAREFULLY.

AUTHORIZATION

CONTACT AUTHORIZATION

Choice CyberSecurity is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. By checking the box "I agree to receive communications from Choice CyberSecurity" you are consenting to us contacting you for this purpose.

DATA STORAGE AUTHORIZATION

In order to provide you the content requested, we need to store and process your personal data. This includes but is not limited to: your name, email address, company information and Internet Identifiers. By checking the box "I agree to allow Choice CyberSecurity to store and process my personal data," you are consenting to us storing your personal data for this purpose. 

UNSUBSCRIBE

You may unsubscribe from these communications at any time. Specifically, you can opt out of our email communications at any time by selecting "Unsubscribe from all future emails" at the bottom of our email communications or emailing info@choicecybersecurity at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

CORRECTING/UPDATING/DELETING/DEACTIVATING PERSONAL INFORMATION

If a customer’s personally identifiable information changes (such as zip code, phone, email or postal address), or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate users’ personally identifiable information. This can be taken care of after notification is provided.

PRIVACY POLICY

INFORMATION COLLECTION

Choice CyberSecurity is the sole owner of the information collected through this website. Choice CyberSecurity collects information from our customers at several different points on our website and 3rd party applications.

FORMS

We request information from the customer through Hubspot forms and Formstack. 

Hubspot

A customer must provide contact information (such as name and email). This information is used for marketing and customer contact purposes. Please refer to the Hubspot section below for more information.

Formstack

Customers are often asked to provide contact information, payment information (such as credit and debit card numbers) and sensitive network infrastructure information (such as IP addresses). The data is used for contact and analysis purposes. Please refer to the Formstack section below for more information.

INFORMATION USE

Information collected is used only for contacting you about our requested products and services. We do not share your information with other third parties.

SHARING

LEGAL DISCLAIMER

We may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our website. We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

THIRD PARTY ADVISORS

Choice CyberSecurity DOES NOT share website usage information about users with third parties. If we were to engage in any onward transfers with third parties, we would provide you with an opt-out choice.

SERVICE PROVIDERS

We do not partner with other third party Systems to provide toll free services. When the user signs up for these particular services, we share names, or all contact information that is necessary for the third party to provide these services. These third parties are not allowed to use personally identifiable information except for the purpose of providing these services.

LINKS

This website contains links to other sites. Please be aware that we, Choice CyberSecurity, are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.

CHILDREN

Our Products and Services are not intended for children under 13, and we do not knowingly collect information from children under the age of 13. Children aged 13 or older should not submit any personal information without the permission of their parents or guardians. By purchasing Products and Services, you are representing that you are at least 18, or that you are at least 13 years old and have your parents' or guardians’ permission to use the website and our related products and services. In the event that we learn that we have collected personal information from a child under age 13 we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at info@choicecybersecurity.com.

SECURITY

We use reasonable and appropriate measures to protect your information. When customers submit sensitive information via the website, their information is protected both online and offline. When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry - SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just 'surfing'.

While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user-information off-line. All of our customer information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job (for example, our billing clerk or a customer service representative) are granted access to personally identifiable information. Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to regain access to user information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices.

DATA STORAGE SECURITY

Choice CyberSecurity functions on least privilege standards and will only store your data in the necessary resources to provide you the best possible service, information and resources. These tools include but are not limited to:

HUBSPOT 

Choice CyberSecurity utilizes 3 Hubspot tools: CRM, Marketing and Service Hub. The CRM is utilized for client contact and deal management. The Marketing tools are used for landing pages, forms, workflows and email distribution. Service Hub is utilized for customer service tasks, client account management, service tickets, and Knowledge Base. We are constantly trying to improve our processes as Hubspot releases new features.

HubSpot’s primary security focus is to safeguard our customers’ and users’ data. This is the reason that HubSpot has invested in the appropriate resources and controls to protect and service our customers. This investment includes the implementation of the dedicated Security Team. The Security Team is responsible for HubSpot’s comprehensive security and risk management program and the governance process. The Security Team is focused on defining new and refining existing controls, implementing and managing the HubSpot security framework as well as providing a support structure to facilitate effective risk management. Our Chief Security Officer, who reports to the Chief Financial Officer, manages the Security Team. Learn more about Hubspot's Security & Risk Management here.

FORMSTACK

Choice CyberSecurity utilizes Formstack to collect data from clients and partners. Formstack offers many security features and CCS is committed to enabling and enforcing the most secure settings. Any data that is uploaded within a form is encrypted with 256-bit SSL encryption and it is never shared with other 3rd and 4th parties. The application encourages strong passwords, secure backups and ongoing monitoring. Formstack, along with its host, AWS, is PCI, HIPAA and GDPR compliant. Learn more about Formstack’s Security Features here.

ZOOM

Choice CyberSecurity utilizes Zoom to conduct virtual meetings and training sessions. CCS records all Assessment related meetings for quality and assurance purposes. Meetings are downloaded to the CCS team member's desktop, uploaded to the client folder within the CCS Resource Center, then promptly deleted from the CCS team member's desktop. All data, including online meetings, webinars and training sessions, are completely private and secure. All of their solutions feature end-to-end 256-bit Advanced Encryption Standard (AES) encryption. No unencrypted information is ever stored on their system. Learn more about Zoom’s Security Features here.

G SUITE

Choice CyberSecurity utilizes G Suite to run our primary business functions, including but not limited to: Gmail, Docs, Sheets, Slides, Forms, Calendar and Drive. CCS takes advantage of all G Suite provided security controls over system configuration and application settings, including authentication, asset protection, and operational control. Learn more about G Suite's Security Features here.

MONDAY.COM

Choice CyberSecurity utilizes Monday.com for all project management, including but not limited to: client orders, issue tracking and account related task management. In order to accomplish this task, we must store select sensitive data in order to provide the best possible customer service. Monday.com is committed to providing their customers with a highly secure and reliable environment for its cloud-based application. We have therefore developed a security model that covers all aspects of cloud-based monday.com systems.

The security model and controls are based on international protocols and standards and industry best practices, such as ISO/IEC 27001, the standard for information security management systems (ISMS), and ISO/IEC 27018, Security techniques - Code of practice for protection of personally identifiable information in public clouds. Read more about monday.com data security here.

BOX

Box is our secure cloud document management and file sharing solution. Protecting our sensitive data is a Box priority, which allows the CCS team to securely store and share business files with confidence. Box has a variety of security feature options and CCS employs all possible resources in order to protect your sensitive information, including: 256-bit AES encryption, client agreements, role-based permissions, audit trails, complex passwords, two-factor authentication, single sign-on compatibility and automatic session timeouts.

Box maintains security protocols for compliance, primarily through an EU-U.S. Privacy Shield Framework to meet HIPAA, ISO 27001, FINRA, GDPR, SOC 1, SOC 2, and SOC 3 compliance. All Box data is stored in Amazon Web Services SSAE 16 certified data centers, which comply with the same compliance standards. Choice CyberSecurity reserves the right to revoke access for any user, at any time, to ensure data safety. Learn more about Box’s Security Features on their website.

AEGIFY

Choice CyberSecurity utilizes Aegify's RSC Suite for Unified Risk, Security & Compliance Management as well as their Policy Manager and Integrity Manager tools. Aegify Compliance Manager provides a unified platform for all our compliance management activities and automatically integrates with our clients' risk and security management and audit operations. This tool provides unprecedented visibility into your compliance efforts and risk management across your organization.

Aegify was architected and engineered with complete cloud focus and first of integrated security, risk, and compliance services that is SaaS based. Aegify was built on a cloud architecture that is event driven, recovery and service oriented architecture and based on seven Dimensional Multi Stage Data Normalization. The Aegify Compliance platform does not deliberately collect or store any sensitive or personal information; it simply requests that the user upload evidence for each control, including policies and procedures. Aegify is hosted on Amazon Web Services (AWS) Cloud Infrastructure. Learn more about AWS security measures here.

Aegify's Application specific security features include: granular access control, multi-tenanted architecture, two-factor authentication, and multi-dimensional Data Analysis. Learn more about Aegify's products and security features here

QUICKBOOKS ONLINE

Choice CyberSecurity deploys least privilege functionality company wide. There are very limited resources that have access to our Quickbooks Online account. Quickbooks is used for one-time and unique payment requests, i.e. a Risk Assessment. Invoices are generated through our billing team and emailed directly to the client-provided billing contact. The only times that payment information is stored in our account is when the client selects the "Save for Future Use" option or pays over the phone to eliminate future phone payments. Choice CyberSecurity never charges our clients without explicit consent.

Quickbooks takes various measures to ensure that our data is safe. They rely on advanced, industry-recognised security safeguards to keep all of our financial data private and protected. QuickBooks Online is a VeriSign Secured™ product. VeriSign® is the leading secure sockets layer (SSL) Certificate Authority. With password-protected login, firewall protected servers and the same encryption technology (128 bit SSL) used by the world's top banks, we have the security elements in place to give you peace of mind. Learn more about Quickbooks Security here.

CHARGIFY

Chargify, LLC is a billing software used by Choice CyberSecurity to bill and invoice Choice-provided products and services. We request information from the customer on our order form. A customer must provide contact information (such as name and email). This information is used for billing purposes and to fill orders. If we have trouble processing an order, the information is used to contact the customer. Chargify utilizes Stripe Payment Processor to process credit cards. Read more about Stripe below. 

Chargify uses reasonable and appropriate measures to protect your information. When customers submit sensitive information via the website, their information is protected both online and offline. When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry - SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to unlocked, or open, when users are just 'surfing'. Learn more in our Chargify Privacy Policy here

STRIPE

Choice CyberSecurity utilizes Stripe to process credit card payments and store credit card information. Stripe is PCI Certified Level 1, the most stringent level of certification available in the payment card industry. Stripe forces HTTPS for all services using TLS, including their public website. All card numbers are encrypted at rest with AES-256. Learn more about Stripe’s Privacy Policy here.

PANDADOC

Choice CyberSecurity primarily utilizes PandaDoc for Proposal, Executive Summaries and Client Documents. Choice CyberSecurity does not utilize PandaDoc to store scan files, payment information or detailed sensitive information.

PandaDoc takes significant effort to protect all of their client data, and respect our privacy. They take any possible threat very seriously and work hard to protect our customers and their data. All data sent to or from PandaDoc is encrypted using 256-bit bank-grade encryption and regularly tested for vulnerabilities. Additionally, PandaDoc enforces regular encrypted backups, system monitoring and alerting and employs Amazon Web Services (AWS) secure databases. PandaDoc is HIPAA, SOC2, PCI, ISO 27001 and GDPR compliant. Learn more about PandaDoc Security here.

NETWORK SCANNING TOOLS

SCANS

Choice will conduct network scans with state-of-the-art vulnerability scanning tools for all facilities and perform a review of systems to determine the level of security and compliance. Our scans will uncover active security gaps on your network by IP address and location to discover your organization’s actual exposures. In addition, they will provide you with a virtual map of your exposures to create a detailed remediation plan. We will be utilizing 4 tools to conduct the following scans:

  • Network Asset Scans

  • Software Vulnerability Scans

  • Internal & External Vulnerability Scans

  • PII Scans

  • Dark Web Scan

SECURITY

Choice CyberSecurity uses a variety of scanning tools to conduct our Security & Compliance Risk Assessments. The information utilized to conduct our scans is provided by the MSP or client IT resource in our Network Infrastructure Discovery Form and stored in our CCS Resource Center. Our primary scanning tools do not store any sensitive data and are conducted through agents installed on a host workspace within the client domain. Two of our scanning tools do store client information such as the device name and location of issues or sensitive data. However, these tools never disclose or provide any sensitive data. For example, a social security number will appear as xxx-xx-xx23. 

Choice CyberSecurity takes precautions wherever possible to protect your sensitive data by utilizing world renowned scanning tools, enabling two-factor authentication, enforcing a complex password policy and team education. All scan reports and data are stored in the CCS Resource Center. We would be happy to answer any scanning tool related security questions. Please direct all scanning tool security or compliance related questions to clients@choicecybersecurity.com. 

DISCOVERY

Our goal is to scan all network devices in addition to the physical, on-site equipment. All equipment must be powered on and readily available for our scans to be effective. It is critical to inform your staff to keep all machines powered on during our scan times. We will communicate your specific scanning windows and send you a reminder the day prior to your scans. Please educate your staff accordingly.

TIMING

We will conduct our scans at a dedicated convenient time for your organization. Please take into consideration that these scans may take up to 3 business days to complete depending on the device and vulnerabilities.

NETWORK IMPACT

Our tools are well vetted to ensure the safety of your systems. They are not intrusive and should not cause any network issues or downtime. If you have concerns, we can conduct our scans outside of your normal business hours assuming all assets can be powered on and made visible for our scanning tools.

WORKFLOW OPERATIONS

Our scanning process should not impact your daily operations or workflow. All business should be conducted as usual so that we can get a proper network assessment of your data in motion. It is important that all team members maintain their natural data flow so that we can conduct a proper assessment of employee operations to create impactful results and resolution suggestions.

EMPLOYEE IMPACT

All network devices will be scanned for vulnerabilities. This includes all mobile devices such as laptops, tablets and smartphones. While we will be looking for active vulnerabilities, we will not have visibility into specific sensitive information. Our scans will provide us with the location of each sensitive file but they will not disclose the specific information. For example, a social security number will appear as xxx-xx-xx23.

DATA RETENTION

Choice CyberSecurity must balance our legal obligations and need to retain information for business purposes against the cost of storing and securing such information. Our standard data retention policy is 7 years unless otherwise stated in our Data Retention Policy. 

GDPR RIGHTS

The GDPR codifies data protection via a series of rules for businesses and rights for citizens. The following rights are enshrined in the GDPR and Choice CyberSecurity has all of them covered for you. 

RIGHT TO ACCESS

You have the right to access all the data we have about you, for free, and in a digital format. You can submit a request to clients@choicecybersecurity.com to see all the data we have about you at any time.

RIGHT TO PORTABILITY

You have the right to transfer your data from one place to another. By request, Box can provide full account exports so you can take your data wherever you like.

RIGHT TO BE FORGOTTEN

You have the right to request all the data we have about you be deleted. By request, Choice CyberSecurity can fully delete your account including all content, personal data, and identifiable links in accordance with our Data Retention Policy.

NOTIFICATION OF CHANGES

If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our customers are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.