Internal Security
Security is a paramount concern at Concentric and is on our minds in everything we do. We believe trust and transparency are foundational to maintaining client relationships, and we are resolute in our commitment to demonstrate how our data management practices and operational protocols are designed to keep you safe.
Concentric operates a mature Information Security Management System which has been independently audited by Insight Assurance–an accredited certification body–as meeting the rigorous requirements of the ISO 27001:2022 cybersecurity framework.
Operational Security: Concentric maintains rigorous personnel security processes, including comprehensive background checks aligned with legal and regulatory requirements, and a formalized offboarding procedure that ensures the timely revocation of access rights to safeguard information assets.
Physical Security: Our data centers employ advanced physical security measures, including access control systems and surveillance, to protect against unauthorized access. We prioritize data centers with SOC 2 Type II reports and ISO 27001 certifications to ensure stringent physical security controls and the confidentiality, integrity, and availability of information assets.
Data Security: Sensitive data is encrypted at rest and in transit. Access to all data and systems is based on Principle of Least Privilege to ensure information is accessed only by authorized individuals and protected according to its data classification level.
Network Security: Concentric’s networks are safeguarded by state-of-the-art firewalls, intrusion detection/prevention systems, and an enterprise Security Incident and Event Management solution.
Systems Security: All company devices are secured with full-disk encryption and are centrally managed through Mobile Device Management software. Systems undergo regular maintenance to include configuration audits and vulnerability assessments.
Insider Threat Program: Concentric has developed a bespoke Insider Threat Program that encompasses risk assessments, controls, and continuous monitoring to protect against internal threats.
Cybersecurity Awareness: Concentric ensures all employees receive comprehensive cybersecurity training as part of their onboarding. Ongoing education and social engineering assessments are conducted regularly to ensure employees remain informed and vigilant against emerging threats.