- Use a role-based security model within each business unit that allows customers to control what security rights they grant to each of their users.
- Design security to include strong password policies, such as unique passwords and GUIDs, especially in the case of multi-tenancy.
- Employ outside security vendors to scan the provider’s network on a quarterly basis looking for vulnerabilities that could result in a breach of security.
- Have published maintenance windows and change control policies and procedures in place.
- Comply with PCI, Safe Harbor, Section 404 (SOX), SAS70, FCC (CPNI), and other FTC regulations.
- Physically secure data centers by card key access, biometric scans, and video surveillance.
- Ensure antivirus software is maintained and updated through a regular process on all corporate and production machines.