STACK is rated by BBB (Better Business Bureau) with A+, which is the highest rating available. BBB assigns ratings by evaluating businesses against a large set of criteria, with the goal of offering consumers and businesses alike an unbiased source to guide them on matters of trust.
STACK is PCI DSS compliant. PCI DSS is the most important security standard for the card payment industry and includes a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
SecurityScorecard is the global leader in cybersecurity ratings and the only service with millions of organizations continuously rated. SecurityScorecard Ratings offer easy-to-read A-F ratings across ten groups of risk factors including Network Security, DNS Health, Patching Cadence, Endpoint Security, IP Reputation, Application Security, Cubit Score, Hacker Chatter, Information Leak, and Social Engineering.
The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings. STAR encompasses the key principles of transparency, rigorous auditing, and harmonization of standards outlined in the Cloud Controls Matrix (CCM).
We realize that your business depends on submitting accurate and timely bids, and are committed to delivering a system with industry-leading security, availability and reliability. This document outlines the infrastructure and operational best-practices STACK employs to safeguard our customers’ data and achieve our guaranteed 99.9% uptime.
STACK contracts with the leading cloud service providers to host all customer data in physically secure data centers with redundant power supplies and internet backbone connections.
STACK team member access to customer data is restricted based by job function. Team members are provided with the minimum access required to perform their duties.
All communication between the customer’s browser and the STACK application is encrypted while in transit. Sensitive customer data such as passwords are encrypted at rest, and are unavailable to any STACK team member.
The STACK team monitors site access logs daily, and triages any suspicious or unusual activity.
Critical components of the STACK web application are hosted in two data centers on opposite sides of the United States. In the case of one datacenter becoming incapacitated, the STACK operational team can redirect customers to the other datacenter with minimal downtime.
STACK servers are redundant by role, with multiple servers of each role available to serve customer requests at all times.
The STACK platform will scale and add capacity, either automatically or by instruction of the operations team, as needed to accommodate customer workloads in a timely manner.
Critical user and application data is backed up continuously, and backups are maintained for at least 30 days.
Customer plan and document data is replicated in triplicate, so that any failure of the underlying storage system will not result in data loss.
The STACK team performs daily reviews of key application performance and availability metrics, and triages any deviations from normal.
We appreciate that you trust STACK with your business-critical information, and we take this responsibility very seriously. You can see our real-time and historical uptime and availability information here (status.stackct.com) on our status page. Should you have any questions, don’t hesitate to contact your CSM.