Security Policy
Last Modified: February 26, 2025
At ESX, Inc, safeguarding our systems, data, and customer privacy is paramount. Our robust security framework is built on industry best practices and is continuously updated to address emerging threats—all while leveraging our strategic relationship with Rackspace.
1. Introduction
ESX, Inc is committed to ensuring the confidentiality, integrity, and availability of our digital assets. This policy outlines the measures we have implemented to protect our infrastructure—including our dedicated hardware hosted at Rackspace.
2. Security Objectives
Confidentiality: Prevent unauthorized access to sensitive information.
Integrity: Maintain the accuracy and consistency of our data.
Availability: Ensure reliable access to systems and services.
Compliance: Adhere to all relevant US regulations and industry standards.
3. Governance & Roles
Chief Information Security Officer (CISO): Oversees our security strategy.
IT Security Team: Implements and monitors our security controls.
System Administrators: Manage secure system configurations and updates.
All Employees: Follow security protocols and report potential issues.
4. Physical Security
Rackspace Data Centers: Our infrastructure is hosted at Rackspace facilities that offer:
- Controlled Access: Biometric and keycard access controls.
- 24/7 Surveillance: Continuous monitoring and on-site security.
- Environmental Controls: Fire suppression, backup power, and other safeguards.
Collaboration: We work closely with Rackspace to ensure their robust physical security measures are fully integrated with our internal policies.
5. Network Security
Perimeter Protection: Firewalls and intrusion detection/prevention systems guard our network boundaries.
Secure Communications: All data is transmitted via encrypted channels (e.g., VPN, TLS 1.2/1.3).
Network Segmentation: Critical systems are isolated from less sensitive environments.
6. Access Control
Authentication: Multi-factor authentication (MFA) is required for accessing critical systems.
Authorization: Role-based access controls (RBAC) ensure users receive only the permissions necessary for their roles.
Account Management: Regular reviews ensure prompt adjustment of user access as roles change.
7. Data Security and Privacy
Encryption: Data at rest is secured using AES-256 and data in transit is protected via TLS encryption.
Backup and Recovery: Regular backups are conducted and restoration processes are periodically tested.
Privacy Compliance: Our practices meet all applicable US data protection laws and regulations.
8. Application and System Security
Secure Development: We follow secure coding practices and conduct regular code reviews.
Patch Management: Timely updates and patches are applied to mitigate vulnerabilities.
Security Testing: Routine vulnerability assessments and penetration tests help identify and address potential issues.
9. Incident Response
Incident Response Plan: A structured plan is in place to address, contain, and resolve security incidents.
Reporting Procedures: Employees are encouraged to report any suspicious activity immediately.
Continuous Improvement: Post-incident analyses help refine our security measures over time.
10. Monitoring and Logging
Continuous Monitoring: Our systems are continuously monitored for unusual activity.
Comprehensive Logging: Detailed logs support forensic investigations.
Regular Audits: Periodic security audits ensure compliance with our policy.
11. Vendor Partnership – Leveraging Rackspace
State-of-the-Art Security: Rackspace’s facilities provide robust physical and network security controls.
Ongoing Collaboration: We maintain regular communication with Rackspace to align security strategies and address emerging issues.
12. Compliance and Training
Regulatory Compliance: Our policies conform to US laws and recognized frameworks such as NIST and ISO 27001.
Employee Training: Regular security awareness training ensures staff are informed about best practices and emerging threats.
13. Policy Review and Updates
This policy is reviewed annually and updated as necessary to address new risks and technological advancements. All updates are approved by our executive management team.
14. Contact Information
For any questions or concerns regarding our security practices, please contact our IT Security Team at security@esxinc.com.