SECURITY POLICY

Data Security Policy

Orange ISP’s products are built with security at their core.

Data Storage Site Security

We prioritize the security of your data with robust physical safeguards across all storage locations, including data centers, offices, and off-site facilities.

Our Commitment to Physical Security
  • Restricted Access – Only authorized personnel can enter our data centers, where customer data is hosted. Access is strictly controlled and verified through biometric authentication.
  • Advanced Security Measures – Our data centers are protected by on-site security guards, 24/7 closed-circuit video surveillance, man traps, and intrusion prevention systems, ensuring round-the-clock security.
  • Business Continuity & Disaster Recovery – To maintain seamless service, we operate a comprehensive continuity and disaster recovery program. Our plans undergo rigorous annual testing and reviews, ensuring quick recovery and uninterrupted service in case of emergencies.

Your data’s safety is our top priority—ensured by cutting-edge security protocols and proactive risk management.

Network Security

We ensure that your data remains protected against unauthorized access or infiltration, whether from internal or external threats.

Our Security Measures Include:

  • Regular Vulnerability Assessments – We conduct routine internal and external vulnerability scans, proactively identifying risks and notifying the relevant data exporter of any issues.
  • Robust Perimeter Defenses – Our networks are safeguarded with firewalls and data loss prevention (DLP) solutions, forming a strong first line of defense against cyber threats.
  • Advanced Internal Security Monitoring – We leverage Security Information and Event Management (SIEM) systems to analyze log files, detect anomalous behavior, and identify potential threats in real time.

With multi-layered security protocols and continuous monitoring, we keep your data secure, resilient, and protected from evolving cyber risks.

Platform Security

We implement cutting-edge security protocols to safeguard the technology storing your data—including servers, workstations, laptops, cloud services, and portable media—against known threats, ensuring continuous protection and resilience.

Our Security Measures Include:

  • Comprehensive Threat Protection – We deploy up-to-date antivirus and anti-malware solutions across all operating systems, ensuring continuous defense against cyber threats.
  • Secure System Configurations – Our security policies enforce hardened configurations for all operating systems, reducing vulnerabilities and enhancing resilience.
  • Proactive Security Monitoring – Utilizing Security Information and Event Management (SIEM) systems, we analyze log files in real-time, detecting anomalous behavior and potential threats before they escalate.

With multi-layered protection and proactive security measures, we ensure your data remains secure, resilient, and shielded from evolving cyber risks.

Data Access

We enforce rigorous access controls to ensure that only authorized personnel can access your data, utilizing advanced authentication methods and strict security protocols to prevent unauthorized access.

Our Access Control Measures Include:

  • Secure Authentication – Access to IT systems hosting your data requires unique usernames and passwords, with multi-factor authentication (MFA) for remote access, ensuring only verified users can log in.
  • Strict Password Policies – We enforce non-sharing policies and mandate regular password updates in line with industry best practices, minimizing security risks.
  • Authorized & Approved Access Only – Access to your data is strictly authorized and reviewed, ensuring compliance with security policies.
  • Clear Role Segregation – We implement segregation of duties, ensuring users have only the access necessary for their role, reducing the risk of unauthorized data handling.
  • Least Privilege Access – Access is granted based on the principle of least privilege, ensuring employees only have minimum access necessary to perform their tasks.
  • Immediate Access Termination – When access is no longer required, it is promptly revoked, preventing unauthorized entry.

With robust authentication, stringent access policies, and continuous monitoring, we ensure your data remains secure and accessible only to authorized personnel.

Data Processing

We uphold strong security practices when processing your data, ensuring compliance, protection, and continuous improvement in our security protocols.

Our Security Measures Include:

  • Enforcing Secure Data Handling Policies – We maintain and implement strict policies on the secure management and protection of data. These policies are reinforced through regular awareness training, ensuring all Orange ISP employees understand and adhere to security best practices.
  • Security-Focused Developer Training – Our developers receive ongoing training and updates in secure coding techniques, equipping them with the latest knowledge to identify and mitigate security vulnerabilities in applications and systems.

By integrating comprehensive security policies, continuous education, and best coding practices, we ensure your data is processed securely and responsibly.

Staff and 3rd Party Security Procedures

We are committed to maintaining the highest level of integrity and security for all personnel who have access to your data. We implement strict vetting processes, enforce clear policies, and uphold a culture of transparency to safeguard your information.

Our Security Measures Include:

  • Employee Reliability Assessments – We evaluate the trustworthiness and reliability of all Orange ISP employees who handle personal data.
  • Comprehensive Background Checks – We conduct thorough background screenings and foster a 100% transparency culture, starting from senior leadership and extending throughout the organization.
  • Strict Data Handling Policies – We enforce clear and comprehensive policies on secure data management, ensuring all employees are trained and aware of their responsibilities in protecting sensitive information.
  • Confidentiality Agreements – Before accessing any data, employees and contractors must sign strict confidentiality agreements, reinforcing their commitment to data privacy and security.
  • Policy Reviews & Security Enhancements – We regularly review and update our policies to ensure that the highest security measures remain in place and continuously evolve with industry standards.
  • Third-Party Compliance – Any third party handling your data must adhere to Orange ISP’s minimum security controls, ensuring alignment with our strict information security policies.

Through rigorous personnel screening, strong policies, and continuous security enhancements, we ensure that only trusted individuals access your data with the highest level of integrity.

Availability and Continuity

We have implemented a robust data breach response framework to ensure swift detection, containment, and resolution of any security incidents. Our proactive approach minimizes risks and ensures compliance with legal and industry standards.

Our Data Breach Response Process:

  • Detection – We quickly identify and assess security incidents, establishing the facts of the breach and creating a diagnostic, containment, and communication plan for affected parties.
  • Containment – Immediate actions are taken to limit the scope and impact of any data compromise, preventing further exposure.
  • Eradication – If malicious elements such as hostile code or unauthorized configurations are involved, they are swiftly identified and removed to eliminate threats.
  • Recovery – Systems and data are restored to a secure, known-good state, ensuring that vulnerabilities are not reintroduced during the process.
  • Review & Prevention – A detailed post-incident analysis is conducted to identify root causes, enhance security measures, and prevent future occurrences.
  • Notification & Compliance – All relevant stakeholders are informed of the breach in accordance with legal obligations and industry best practices, ensuring transparency and accountability.

With proactive monitoring, rapid response, and continuous improvement, we ensure that your data remains protected and that security incidents are managed with precision and efficiency.

Staff and 3rd Party Security Procedures

Ensuring system availability as our highest priority. We operate multiple geographically distributed data centers and have implemented strong disaster recovery and business continuity strategies. Each client can customize their disaster recovery plan with flexible options tailored to their recovery speed and availability needs. For more details on our service levels, please refer to our Service Level Agreement or connect with your account team.

Security Built upon a Strong Foundation

As a comprehensive cloud-native platform, we harness cutting-edge security from Orange ISP and Google Cloud to ensure the highest level of protection for both your data and our products.

Orange ISP is built on a robust, multi-homed infrastructure with diverse, redundant 10+Gbps and 1Gbps links, seamlessly cross-connected to top-tier fiber optic networks, including Verizon, AT&T, GTT, Hurricane Electric, Internap, Cogent, and Spectrum. This powerful foundation ensures blazing-fast cloud response times, exceptional uptime, and ultra-low latency, optimizing performance for business operations, customer systems, and end-user experiences.

Orange ISP is an American family-owned, small business, equal opportunity employer, and privately held corporation based in Los Angeles.