Security Capabilities

Comprehensive Data Security and Risk Management

Terrapin Technologies is dedicated to the protection of client data. Robust security capabilities give clients peace of mind knowing that their digital assets are safe. As an aggregator of data, Terrapin is by definition entrusted with large amounts of highly confidential client information and hold the security of that data to be critical.

Terrapin works relentlessly to maintain the confidence of their clients and to stay abreast of all technical and procedural best practices regarding the security of their data. Terrapin continuously enhances the tools and procedures that are used to enforce security and risk management policies. The following is an overview of the key components.

 

SOC 2 Type II Audited

The American Institute of Certified Public Accountants (AICPA) created the SOC 2 standards to govern how service providers, like Terrapin, protect client information. The SOC 2 has become the industry standard when it comes to service organizations having to perform annual compliance audits.

 

AICPA SOC

Risk Mitigation

Terrapin undergoes regular and rigorous internal security audits, penetration testing, and comprehensive client risk assessments. An effective risk management program is an ongoing commitment within Terrapin and an essential component to identify and mitigate threats to information assets.

Data Encryption

Encryption in Transit

  • IDS/IPS – Intrusion Detection and Prevention.
  • SFTP for secure file transmission.
  • PGP encryption for data files.
  • 2048-bit RSA certificates.

Encryption at Rest

  • Data is stored in the proprietary Oracle format.
  • File servers and database files are encrypted using full-disk encryption protocol.

Disaster Recovery

Terrapin has multiple, geographically separated, data centers. All production hardware is replicated in the disaster recovery environment via real-time, bit-level data replication. In the event of a disaster, all operations run in the disaster recovery environment with all critical communication channels duplicated there. Terrapin’s disaster recovery plan undergoes rigorous testing on a quarterly basis.


Recommended Resources:

AICPA SOC for Service Organizations: Trust Services Criteria: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
FINRA Report on Cybersecurity Practices: https://www.finra.org/file/report-cybersecurity-practices
SIFMA Cybersecurity Resources: https://www.sifma.org/cybersecurity-resources/