Compliance and Security

To ensure that our clients receive not only a powerful set of IAM cloud capabilities but also a compliant and secure service, we have invested heavily in both the logical and the physical controls around it.

Lighthouse Security Group, LLC, and the Lighthouse Gateway™ services are externally audited every year for compliance with SSAE 16 (the successor to SAS 70) Type II guidelines. A Type II audit does more than review documented controls: it tests that our physical and logical controls, processes, and technology actually operated as designed over the audit period. As part of these audits, we require that every aspect of our service, including engineering, support, datacenter, and operations, meets the same standard.

Lighthouse Gateway services have been engineered to support the control requirements of regulations and industry standards such as SOX, PCI DSS, and HIPAA. This means that the services you receive employ the technologies and controls (for example, access control, audit logging, and encryption) that help your organization become and remain compliant. Note that compliance is ultimately assessed on your organization's overall environment and processes, so these controls support your compliance program rather than replace it.

Because Lighthouse Gateway is built upon market-leading IBM Tivoli software, your organization can also be confident in the quality of the underlying software. The IBM products that form the Gateway's foundation have been Common Criteria evaluated at EAL 3 or higher (an evaluation applies to a specific product version and security target), which means their design, testing, and development-lifecycle controls have been independently assessed. Likewise, the Gateway's services are routinely maintained so that current configurations and vendor software patches are applied.

Lighthouse Gateway datacenters are SSAE 16 (the successor to SAS 70) Type II audited and Cybertrust certified, so both physical and logical security controls are routinely audited against recognized industry standards. Lighthouse Gateway operations also include equally certified Disaster Recovery (DR) facilities, with the primary and DR locations employing the following controls:

  • Availability
    • 24x7x365 Network Operations Center (NOC)
    • Tier 3 and Tier 4 conforming infrastructure
    • Redundant power for all services
    • Redundant ISP connectivity
    • Dry-suppressant fire control systems
    • Redundant cooling
    • Standby diesel power generators
  • Security
    • End-to-end encrypted network
    • AES encryption and non-reversible (one-way) hashing on storage services
    • Biometric and proximity-card mantraps at physical entry points
    • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) applied for service hardening