Security Policies

• Data Protection: All data is encrypted in transit using modern protocols (TLS 1.2+). User credentials (such as passwords) are encrypted and securely stored in our database using industry-standard hashing methods. Other user data (such as preferences and lift planning information) is stored in plain text within our systems but is protected by strict access controls and network security measures to prevent unauthorized access.
• Access Controls: Role-based permissions, secure authentication, and least-privilege principles are enforced across systems.
• Network Security: We employ a layered defense strategy to protect against unauthorized access. This includes:
  • Proactive vulnerability prevention measures, including safeguards against SQL Injection, Cross-Site Scripting (XSS), and other common web application security risks.
  • Firewalls to filter and block malicious traffic
  • Intrusion detection and prevention systems to monitor unusual activity
  • Continuous monitoring and logging of critical systems
  • Regular vulnerability scans and penetration testing
• Incident Response: A formal plan is in place for identifying, responding to, and mitigating security incidents.
• Employee Training: Staff receive regular cybersecurity awareness training and are required to follow internal security protocols.
• System Hardening: Regular patching and vulnerability scanning help maintain secure environments.

We continually review and update these practices to align with evolving security standards.

Data Center

A1A Software's websites and their associated data is hosted at Zimcom's state-of-the-art data center in Cincinnati. Zimcom's datacenter undergoes regular 3rd party audits in accordance with SSAE-16 SOC1 and SOC2 compliance standards, in addition to maintaining design and control practices that adhere to ISO, HIPAA and PCI compliance. Learn more about their data centers at zimcom.net.

Key features of Zimcom’s hosting environment include:

• Certifications and Compliance:
  • SSAE 16 (SOC 1 Type II) compliant for internal control assurance.
  • PCI DSS compliant (Sections 9 & 12) to help ensure the security of credit card transactions.
  • ISO 27001 certified for information security management.
  • FISMA compliant, supporting federal data protection standards.
  • HIPAA compliant to safeguard protected health information (PHI).
  • LEED Certified by the U.S. Green Building Council for sustainable design.
• Physical Security: 24×7×365 facility monitoring with on-site security guards and restricted access to critical areas.
• Network Reliability: High-speed connectivity and carrier-neutral architecture to reduce latency and improve uptime.
• Environmental Protections: Reinforced physical structure built to Fujita F2 wind rating, including fire suppression, temperature management, and humidity control to safeguard hardware and data.
• Redundant Infrastructure: Redundant cooling and power systems, including backup power generation.

By partnering with Zimcom, we help ensure that user data and application availability are supported by enterprise-grade infrastructure in an audited environment that supports multiple layers of compliance across industries.

Hardware & Network Provider

A1A Software’s hardware and network infrastructure are supported by Powernet, a full-service IT managed services provider. Powernet delivers enterprise-grade support in the following areas:

• 24/7 Monitoring & Proactive Support: Powernet continuously monitors network devices, endpoints, servers, and critical infrastructure to detect and resolve issues before they impact service.
• Network Management: They maintain LAN/WAN network architecture, routers, switches, wireless access points, and traffic routing to ensure connectivity and network health.
• Endpoint & Server Management: They handle workstation monitoring, server maintenance, patching & updates, backup & recovery services to protect data and system integrity.
• Security Services: Including managed firewalls, managed detection & response (MDR), SIEM monitoring, and employee security awareness training.
• Scalability & Reliability: Their infrastructure adapts as our usage grows, ensuring network and hardware resources scale appropriately without sacrificing performance.

By partnering with Powernet, A1A Software benefits from hardened, well-managed network and hardware infrastructure with redundancy, proactive oversight, and established security practices.

PCI Compliance

Although A1A Software itself does not store cardholder data, we work with trusted third-party payment processors that are PCI DSS compliant. To reinforce this compliance, our internal PCI-related policies cover:

• Scope Definition: Ensuring cardholder data is never stored, transmitted, or processed directly by our systems.
• Access Management: Restricting access to payment systems to authorized personnel only.
• Encryption & Transmission: Payment data is encrypted using industry-standard methods when transmitted to payment processors.
• Monitoring & Testing: Regular review of security controls and third-party compliance certifications.
• Annual Review: PCI DSS compliance is verified annually, and policies are updated accordingly.

Users can be confident that payment information is processed securely in accordance with PCI standards.

Compliance & Standards

A1A Software strives to meet or exceed industry best practices by referencing widely recognized standards, including:

• ISO/IEC 27001 principles for information security management
• NIST Cybersecurity Framework (CSF) for risk identification and mitigation
• GDPR and CCPA considerations for data handling (where applicable)

Updates & Revisions

Our security and compliance policies are reviewed at least annually, or sooner if regulations, technologies, or business processes change. Updates will be published on this page.