Security Capabilities

Comprehensive Data Security and Risk Management

Terrapin is dedicated to protecting our client’s data. Our robust security capabilities give our clients peace of mind knowing that their digital assets are safe. As an aggregator of data, we are by definition entrusted with large amounts of highly confidential client information and hold the security of that data to be critical.

We work relentlessly to maintain the confidence of our clients and to stay abreast of all technical and procedural best practices regarding the security of their data. We continuously enhance the tools and procedures that are used to enforce our security and risk management policies. The following is an overview of the key components.

 

SOC 2 Type II Audited

The American Institute of Certified Public Accountants (AICPA) created the SOC 2 standards to govern how service providers, like Terrapin, protect client information. The SOC 2 has become the industry standard when it comes to service organizations having to perform annual compliance audits.

 

AICPA SOC

Risk Mitigation

Terrapin undergoes regular and rigorous internal security audits, penetration testing, and comprehensive client risk assessments. An effective risk management program is an ongoing commitment within Terrapin and an essential component to identify and mitigate threats to information assets.

Data Encryption

Encryption in Transit

  • IDS/IPS – Intrusion Detection and Prevention.
  • SFTP for secure file transmission.
  • PGP encryption for data files.
  • 2048-bit RSA certificates.

Encryption at Rest

  • Data is stored in the proprietary Oracle format.
  • File servers and database files are encrypted using full-disk encryption protocol.

Disaster Recovery

Terrapin has multiple, geographically separated, data centers. All production hardware is replicated in the disaster recovery environment via real-time, bit-level data replication. In the event of a disaster, all operations run in the disaster recovery environment with all critical communication channels duplicated there. Terrapin’s disaster recovery plan undergoes rigorous testing on a quarterly basis.


Recommended Resources:

AICPA SOC for Service Organizations: Trust Services Criteria: https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
NIST Cybersecurity Framework: https://www.nist.gov/cyberframework
FINRA Report on Cybersecurity Practices: https://www.finra.org/file/report-cybersecurity-practices
SIFMA Cybersecurity Resources: https://www.sifma.org/cybersecurity-resources/