Sand Solutions recognizes that many of its clients work as contractors or sub-contractors to multiple government agencies. In all environments, Sand Solutions assures that its best practice policy integrates the highest standard of compliance and adherence with the expectations of its clients and the government agencies they serve. We recognize that we are entrusted with your intellectual property; as such, it is the policy of Sand Solutions to hold all Customer data subject to the Code of Federal Regulations Chapter 22 ITAR. We will never sell, resell, divert, transfer, ship or make Customer data available to a foreign national within the United States, or otherwise dispose of Customer data in any other country outside of its intended destination, either in original form or after being incorporated through an intermediate process into other data, without the proper written approval of our Customer and the DOS.
Sand Solutions on a regular basis reviews its compliance practices and as appropriate aligns such practices to meet the expectations of its clients.
Assuring Compliance

Recognizing the responsibility Sand Solutions has for assuring compliance, our internal best practices insist we remain compliant with ITAR, HIPAA and PCI DSS. Compliance extends to procedures, policies, employee performance and our two data centers. Highlights of Sand Solutions compliance and security include:
- Password Safe software stores confidential access information.
- Employee laptops are equipped with:
  - Biometric fingerprint reader as primary authentication
  - Password secondary authentication
- New employees or affiliates receive a 3rd party Background Screening prior to engagement that includes the following:
  - Criminal History Screening
  - National Criminal Database
  - Identity Verifications.
- Only U.S. Citizens are hired as employees and affiliates.
- Secure-VPN is used for remote connections internally and all browser-based software uses secure SSL Internet access.
- Client data is stored in one of two compliant U.S. Data Centers inside the United States where server hardware and software are collocated and managed by our employees.
- SOC 1/SOC 2 (2015) and HIPAA (2015) Compliant
- PCI Compliant
- Client access to applications centered around Deltek is encrypted over Secure-Socket-Layer (SSL) certificates with TLS 1.1/1.2 protocol implementations as mandated by the NIST.
- Deltek Costpoint implementations utilize Database, Single-Sign On or Active Directory authentication where the Costpoint Security Filter issues a “Nonce” or “value used in security protocols that is never repeated with the same key” as part of Token Input Data.