Cloud & Platform Security
- Production infrastructure runs in a contracted, access-controlled colocation data center.
- Systems are maintained on supported operating-system versions, with end-of-life systems remediated.
- Infrastructure is monitored centrally with alerting, health dashboards, and aggregated logging.
Framework Alignment: NIST CSF PR.IR, ID.AM; CIS Control 1; GDPR Art. 32(1)(b); ISO 27001:2022 A.8.14, A.8.6
Network Monitoring & Content Filtering
- Network connections are authorized and monitored through firewall configurations and a centralized integration platform.
- Content filtering blocks malicious or suspicious sites and unapproved public-cloud services.
- Network and security telemetry is aggregated and correlated for centralized monitoring.
Framework Alignment: NIST CSF DE.CM; CIS Control 13, 9; GDPR Art. 32; ISO 27001:2022 A.8.16, A.8.23
Network Segmentation & Public-System Isolation
- Publicly accessible components are separated from internal systems; public-facing applications are hosted in isolated environments connected only through secure, certificate-based tunnels.
- IoT and operational-technology devices are isolated into restricted, non-routable network zones.
- A web application firewall and DDoS mitigation service protect public-facing applications; this coverage is standard for new builds and is being extended to remaining legacy applications.
Framework Alignment: NIST CSF PR.IR; CIS Control 12, 13; CMMC Level 1 (SC); GDPR Art. 32(1)(b); ISO 27001:2022 A.8.22, A.8.20
Next-Generation Perimeter Defense
- Next-generation firewalls are deployed across all locations with advanced malware prevention and intrusion prevention enabled.
- Communications are monitored and controlled at external and key internal boundaries.
- Firewall rule sets enforce default-deny with authorized exceptions, supported by intrusion detection/prevention and denial-of-service filtering.
Framework Alignment: NIST CSF PR.IR, DE.CM; CIS Control 13; CMMC Level 1 (SC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
Standardized, Centrally Managed Global Network
- Network equipment is standardized across global locations on centrally managed infrastructure.
- Site-to-site connectivity uses encrypted VPN tunnels.
- Wireless networks use strong, enterprise-grade encryption and authentication.
Framework Alignment: NIST CSF PR.IR; CIS Control 12; GDPR Art. 32; ISO 27001:2022 A.8.20, A.8.21
Zero Trust & Secure Remote Access
- A Zero Trust network access (ZTNA) capability and secure web gateway restrict access to verified users and compliant devices.
- VPN access is governed by conditional-access policies, limiting connectivity to trusted, compliant devices and blocking credential-only access from unknown machines.
- Privileged administrative access is further restricted to managed devices.
Framework Alignment: NIST CSF PR.AA, PR.IR; CIS Control 6, 12; CMMC Level 1 (AC); GDPR Art. 32; ISO 27001:2022 A.8.20, A.6.7