ESAC Program Overview

ESAC Network and Data Security

ESAC's website and reporting systems operate via secure data networks protected by industry-standard security monitoring, intrusion prevention and password protection systems, including the following:

3rd Party Security Audits: performed biannually and after any material network change for network and physical security review of ESAC's website hosting service provider. ESAC's website and application and compliance reporting systems also undergo 3rd party penetration testing and vulnerability assessments annually along with daily scans.

Secure Server ID: provides 256-bit SSL encryption for transmitted data with personally identifiable data encrypted for storage within the database.

Password Controls: encrypted with Triple DES and set to best practices standards related to length, retention and user lockout.

Physical Security: ESAC's web hosting provider maintains secure data center access through biometric technology, CCTV, and physical alarm systems. ESAC's offices are restricted through security card access, guards and physical alarm systems after regular business hours. Network servers are maintained in a secure environment using industry-standard back-up and security procedures and protections.

Non-disclosure/confidentiality agreements: executed by ESAC staff, advisors and service providers involved in verifying a company's compliance with accreditation requirements, as well as by each member of the board of directors. PEO directors do not have access to another PEO's confidential data, and applicant or participating PEOs have the right to request the recusal of any director with a potential conflict of interest.

Sharing of confidential information: with state regulators or any other third party is done strictly based on the written request and authorization of the accredited PEO.