The Convergence Quality Process

Data Security

We ensure the safety of the data we maintain. We have encrypted all the Personal Identification Information (PII) that we store and it is housed in our SSAE 16/ISAE – SOC 1 Type 2 data center. 100% of Convergence’s operations are located in the United States from our fulfillment channels, to operations, data warehousing, customer service and custom programming. You can rest assured that your data is safe and sound with Convergence

SOC 2 – TYPE 2 Certification Ensures Convergence Is Committed To Keeping Your Data Safe

The objective of AICPA’s SOC 2 – TYPE 2 Certification is to verify service organizations have systems in place to ensure the security, availability, processing integrity, confidentiality, and privacy of client data. The AICPA performed a thorough review of Convergence’s policies and procedures beginning with the handling of incoming calls, through the results researchers deliver to clients, and finally the controls management has instituted to monitor the overall process.

The AICPA’s review covered a number of Convergence’s policies that were especially effective in ensuring the safety and integrity of client data which include:

Management Philosophy

Senior management places the utmost importance on the security of personal identification information as evidenced by the creation of an Information Security Group that meets annually and reports to the Board. The group, under the direction of the Convergence Board, oversees the security activities of Convergence and establishes overall security policies and procedures.

Security Management

Consisting of a security officer and members, an Information Security Team is responsible for management of information security and closely monitors security procedures throughout the organization. They are responsible for developing, maintaining, and enforcing Convergence’s security policies including reviewing known incidents and patches as well as results vulnerability assessments and addressing necessary changes to policies.

Change Management

A formalized change management system is in place which requires identification and recording of significant changes, assessment of risk and the potential effect of such changes, approval of proposed changes, and testing of changes to verify operational functionality. Proposed changes are evaluated to determine if they present a security risk and what mitigating actions, including employee and user entity notifications, must be performed.

Protected Infrastructure

Convergence’s production system is made up of a virtualized environment. All machines are Microsoft Server 2012 or later operating systems with a Microsoft SQL Server as the backend database. The system is hosted at Flexential (formerly Peak 10) on a Dell VRTX machine with multiple individual computers and onboard SAN. The Flexential facilities employ backup power generators, air conditioning systems, fire detection and suppression systems, and environmental monitoring and alert notification systems.

System Access

Role-based security is implemented to limit and control access within systems. Employees are granted logical and physical access to in-scope systems based on approvals by appropriated management personnel. The ability to create or modify user access accounts and user access privileges is limited to authorized personnel. Employees access the system through the web-based operations console with access to any network resource restricted to the network or VPN sign on remotely. Employee access is monitored by video surveillance and on-site personnel, and it is controlled through the use or card reader systems, codes and biometric readers.

For additional information about how Convergence protects the integrity of client information, click here to download the complete SOC 2 – TYPE 2 Report.