Our production equipment is collocated in Geneva, Switzerland at a facility that provides 24-hour physical security, palm print and picture identification systems, redundant electrical generators, redundant data center air conditioners, and other backup equipment designed to keep servers continually up and running.

The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems — all sourced from industry-leading security vendors. In addition, SourcingParts monitors and analyzes firewall logs to proactively identify security threats. SourcingParts also contracts with a third-party security firm that proactively monitors our security configurations for changes, vulnerabilities, and errors and regularly conducts vulnerability threat assessments including penetration tests.

SourcingParts leverages the strongest encryption products to protect customer data and communications, including 128-bit Verisign SSL Certification and 1024-bit RSA public keys. The lock icon in the browser indicates that data is fully shielded from access while in transit.

Users access SourcingParts only with a valid username and password combination, which is encrypted via SSL while in transmission. Users are prevented from choosing weak or obvious passwords. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

Our robust application security model prevents one SourcingParts customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session.

Inside of the perimeter firewalls, the systems are safeguarded by network address translation, port redirection, IP masquerading, non-routable IP addressing schemes, and more. The specific details of these features are proprietary.

SourcingParts enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords, and production servers do not share a master password database. All operating systems are maintained at each vendor's recommended patch levels for security and are hardened by disabling and/or removing any unnecessary users, protocols, and processes.

Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.

All data entered into the SourcingParts application by a customer is owned by that customer. SourcingParts employees do not have direct access to the SourcingParts production equipment, except where necessary for system management, maintenance, monitoring, and backups. SourcingParts does not utilize any managed service providers. The SourcingParts systems engineering team provides all system management, maintenance, monitoring, and backups.

All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a database served by a database server cluster for redundancy. All customer data is stored on carrier-class disk storage using RAID disks and multiple data paths. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are immediately cloned to verify their integrity, and the clones are moved to secure, fire-resistant, off-site storage on a regular basis.