CoreLogic Protect is committed to protecting the confidentiality, integrity, and availability our DASH, MICA, SettleAsist, MoistureMapper, and Luxor customers’ data. We partner with World Class Data Center Providers that heavily invest in cyber security ensuring that our customer data resides in a highly secure environment. These data centers are independently audited and have attained the following world-wide recognized security framework and quality management certifications:
- SOCS Type 2 1, 2, 3
- ISO 27001:2013
- ISO 9001:2015
These partners also enable us to deploy critical security systems including Azure Sentinel (SIEM), Azure Web Application Firewall and Azure Security Center to continuously protect, monitor and alert on security. These Microsoft Azure systems continuously monitor infrastructure for anomalies using state-of-the-art machine learning. Finally, Next Gear also engages with industry leading security firms to conduct manual penetration and automated vulnerability scanning on our applications.
CoreLogic adheres to NIST framework security standards for all operational and development process security activities. All applications have a well-define system development life cycle and change management process. Our software is developed and then put through a very thorough quality assurance process to ensure our high-quality standards. All Next Gear software products are rigorously security tested through Veracode’s Application Security Program engine. All applications are scanned regularly using the Veracode engine to ensure that our applications meet or exceed Open Web Application Security Project (OWASP) best practices. This includes both a scan of the application code as well as the web application infrastructure. In addition, we have deployed Intruder vulnerability scanner to continuously scan infrastructure endpoints for over 9000 known vulnerabilities and growing. The Intruder system adds newly discovered vulnerabilities daily.
All scoped data is encrypted whether at-rest or in transit. Next Gear uses AES256 encryption algorithm for data at-rest. This includes file storage as well as database data. Data in transit is encrypted via secure RSA 2048 certificate using web TLS 1.2 and above. Next Gear encryption keys are securely managed via Azure Key Vault.
We employ a team of expert site reliability engineers and database administrators who are continually patching (every 30 days), performance tuning, and managing all Next Gear Solutions systems 24x7x365. All scoped production systems are configured for threat and vulnerability monitoring and alerts are sent to this group for investigation of root cause.
Finally, we engage with third-party security vendor to conduct manual penetration testing on an annual basis. All findings from the penetration test are investigated and remediated. In addition we have engaged an external auditor and is working on obtaining SOC 2 Type II certification. We anticipate that certification will be complete in Q4 of 2022 following a 9-month audit period.
Rest assured we take the security of our customers’ data very seriously.
We pride ourselves in a consultative approach to ensure your teams are realizing the value in the tools you’ve invested in. Whether its onboarding your existing team when you first sign on, hire new employees, or want on going training to become a power user, we are here to partner with along the way. Please visit our Training and Implementation page for specific details.