STP maintains a comprehensive information security program, which includes a formal written information security policy and incident response plan. STP is committed to protecting the security, confidentiality, integrity, and availability of its information resources against: (1) theft or misuse; (2) unlawful, accidental or unauthorized disclosure, loss or destruction; (3) unauthorized or unlawful access; and (4) other compromise.
STP’s goal in developing and implementing an information security program is to protect all information resources in a manner consistent with industry standards and our legal obligations. Highlights of our information security program include:
- Annual employee training on information security policies and procedures, including data security best practices.
- Physical security measures at main office locations.
- Data access restrictions.
- Due diligence on all critical third-party service providers regarding performance and data security protocols.
- Industry-standard software protection (malware, anti-virus, spam) for hardware, networks, and equipment.
- Third-party vulnerability assessments and penetration testing.
- Continuous intrusion detection.
- Real-time intelligence from multiple information security sharing sources.
Additionally, STP maintains a Risk Committee and Incident Response Team to oversee and monitor information security risks.