SECURITY PRACTICES

At PPF, we take the security of our clients’ and our company’s data very seriously. We believe that it is the responsibility of every company you trust with your data to secure it according to best practices.

To do so, we have partnered with Agency. Agency is the first cybersecurity company that stands behind its protection with over $1M of coverage for real-life cyber incidents backed by two major insurance carriers.

Below is a summary of the precautions we take to protect your data.

AUDIT PRACTICES

PPF undergoes security assessments by both internal personnel and our external security firm Agency who perform regular audits to verify that our security practices are sound and to monitor the services for new vulnerabilities discovered by the security research community.

SECURITY CONTROLS

PPF has implemented and will maintain appropriate measures to protect your data against destruction, loss, or unauthorized access. The following security controls are in place.

  • Network Protection

  • Endpoint Detection & Response (EDR)

  • Endpoint Management (MDM)

  • Employee Password Managers

  • Employee Personal Device Protection

  • Multi-Factor Authentication

MONITORING & LOGGING

We understand that even the best software cannot prevent a security incident without 24/7 monitoring. PPF employs Agency to continuously monitor all security systems, maintain forensic logs, and manage incident response.

  • Dedicated Security Monitoring

  • Security Logs

    • Endpoint Logging

PERSONAL SECURITY POLICY

Our employees are our first line of defense, and we provide them with the best available resources to protect themselves, and the data we hold.

  • 24/7 Employee Access to security support

  • Employee Personal Device Protection

  • Personal Password Managers

DARK WEB MONITORING

PPF uses Agency to monitor the dark web on its behalf for exposure of employee passwords.

  • Dark Web Monitoring

INCIDENT MANAGEMENT

PPF maintains security incident management policies and procedures. In the event of an incident, we will notify all impacted clients, typically by email.

CONFIDENTIALITY

Confidentiality agreements for all employees

Customer data deleted upon request or termination

BUSINESS CONTINUITY

Recurring and periodic backups maintained

INFRASTRUCTURE

At PPF we use a variety of third-party vendors to support our technology infrastructure and operations. We take the responsibility of selecting and vetting these vendors extremely seriously.

  • All infrastructure security fully-vetted

  • Security assessment performed on all critical-third party vendors

VENDORS

We use the following subprocessors to manage certain critical infrastructure for our organization. These have been fully vetted, and are listed below:

  • Salesforce

  • Office 365

  • Dropbox

  • Hubspot

  • Asana