Top Hat takes user data security extremely seriously and we have numerous technical and operational measures in place to ensure that customer data remains safe. We’re committed to being transparent about our security practices and helping customers understand our approach.
Top Hat’s security practices apply to all members of staff, independent contractors, and anyone with direct access to our internal systems and/or unescorted access to Top Hat’s office space. Before gaining initial access to systems all employees must agree to confidentiality terms and pass a background screening.
Upon termination of employment at Top Hat, all access is removed immediately.
Policies and Standards
Top Hat maintains a set of 12 related policies and procedures as part of our Information Security Management System. These policies and procedures help ensure that our customers can rely on Top Hat employees to behave ethically and on our services to be operated securely. Topics covered by these policies include but are not limited to:
- Classification, labeling, and handling rules for all types of data
- Data retention periods and processes
- Processes for periodic review of access to data
- Response plans for security incidents
Top Hat adheres to the principle of least privilege – employees are given access only to the data that they must handle in order to fulfill their current job responsibilities. Employees are granted access to a small number of internal systems upon hire, but any requests for additional access must be approved by the system owner or their direct manager.
Where possible, Top Hat employs multi-factor authentication for administrative access to systems containing any sensitive data.
Disaster Recovery and Business Continuity
Top Hat has disaster recovery and business continuity plans that are reviewed and revised annually. We use services provided by our hosting provider to distribute our production operations across four separate physical locations, and to provide redundant power and network connectivity. Top Hat also stores backups in a separate location more than 500 kilometers from our primary operating environment.
Third Party Service Providers
Top Hat uses third party providers for some aspects of our operations. Where those organizations may impact the security of our production environment or customer data, we take appropriate steps to ensure that Top Hat’s security posture is maintained. Top Hat establishes agreements with all third party providers that require them to adhere to confidentiality commitments we make to our customers.
Security Incident Response
Top Hat has documented policies and procedures, including step-by-step guides, for responding to security incidents. All incidents are managed by our production operations team, who classify them according to severity and determine the steps required for remediation. These procedures are reviewed and updated annually.
Top Hat infrastructure is hosted on Amazon Web Services (AWS). The AWS data centers are equipped with multiple levels of physical access barriers including:
- Outer perimeter fencing that is crash rated for vehicles
- Electronic access cards
- Video surveillance
- Internal trip lights
For more information on AWS security processes, see this whitepaper. No Top Hat employee has physical access to any AWS data centers, servers, networking equipment, or storage.
The Top Hat offices are access controlled by electronic access cards, and all employees are required to wear identification badges at all times in the office.
Technical Security Measures
All Top Hat data in transit over public networks uses strong encryption. This includes any and all data transmitted between Top Hat clients and servers. Top Hat systems support the latest recommended secure cipher suites and only accept encrypted traffic from clients.
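A server-side TLS configuration of the kind described above, as an added example that is not Top Hat's code: it builds a Python `ssl` server context that refuses anything older than TLS 1.2 and only negotiates ECDHE ciphers with AEAD (AES-GCM or ChaCha20) encryption, then audits the resulting cipher list for legacy algorithms. The weak-marker list and the cipher string are this example's own choices, not a configuration taken from the page.

```python
import ssl

# Substrings that indicate a cipher suite a modern deployment should not offer.
# This list is an illustrative choice for the example, not an exhaustive standard.
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC", "MD5", "NULL", "EXPORT", "PSK", "SRP")
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")


def build_server_context() -> ssl.SSLContext:
    """Return a server context that only speaks TLS 1.2+ with forward-secret AEAD ciphers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Floor the protocol version; TLS 1.0/1.1 are never negotiated.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Ephemeral ECDH key exchange only, AEAD ciphers only, no anonymous or
    # unauthenticated suites. TLS 1.3 suites are governed separately by OpenSSL
    # and remain enabled.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5")
    return ctx


def weak_ciphers(ctx: ssl.SSLContext) -> list:
    """Names of enabled ciphers that use a legacy algorithm or protocol."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if any(marker in c["name"] for marker in WEAK_MARKERS)
        or c["protocol"] in LEGACY_PROTOCOLS
    ]


def context_summary(ctx: ssl.SSLContext) -> dict:
    """Compact audit result suitable for a deployment check or a unit test."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "cipher_count": len(ctx.get_ciphers()),
        "weak": weak_ciphers(ctx),
    }


if __name__ == "__main__":
    summary = context_summary(build_server_context())
    print(summary)
```

The second half of the claim, that only encrypted traffic is accepted, is enforced at the edge rather than in the cipher list: a plaintext listener on port 80, if present at all, should only redirect to HTTPS and never serve application data.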
Data at rest is encrypted using FIPS 140-2 compliant encryption standards. This includes all relational databases, file stores, backups, etc. Keys are generated using Hardware Security Modules and are never stored alongside any other customer or Top Hat data.
Top Hat divides systems into separate networks to ensure that customer data is kept separate from test and development data. Systems intended for testing and development activities are hosted in a separate network segment and managed in a separate AWS account. Any customer data submitted to Top Hat is only permitted to be stored in our production environment. Administrative access to the production environment is limited to engineers and support staff with a specific business need.
Access to Top Hat’s production environment is tightly restricted. Most systems are reachable only through dedicated load balancers on ports 443 or 80, and all application servers are given private, non-routable IP addresses.
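The exposure rule just described, only the load balancers answer public traffic and only on 443 or 80 while application servers sit on private addresses, can be checked mechanically against an inventory. The following is an added example, not Top Hat's tooling: it models hosts and their inbound rules with a small hypothetical `Host` dataclass and flags any host that breaks the rule. The inventory at the bottom is constructed sample data.

```python
import ipaddress
from dataclasses import dataclass, field

# RFC 1918 private ranges, listed explicitly rather than relying on
# ipaddress.is_private, whose behaviour for whole networks has varied across
# Python versions.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PUBLIC_LB_PORTS = {80, 443}   # the only ports a load balancer may expose publicly


@dataclass
class Host:
    """Hypothetical inventory record: one host and its inbound (source_cidr, port) rules."""
    name: str
    role: str                                   # "load_balancer" or "app_server"
    ip: str
    ingress: list = field(default_factory=list)


def is_internal_source(cidr: str) -> bool:
    """True if every address in the CIDR lies inside one RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(priv) for priv in RFC1918)


def is_private_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in priv for priv in RFC1918)


def check_host(host: Host) -> list:
    """Return human-readable findings for one host; an empty list means compliant."""
    findings = []
    if host.role == "app_server" and not is_private_address(host.ip):
        findings.append(f"{host.name}: app server has a routable address {host.ip}")
    for cidr, port in host.ingress:
        if is_internal_source(cidr):
            continue          # traffic from inside the VPC is not what this check covers
        if host.role == "load_balancer" and port in PUBLIC_LB_PORTS:
            continue          # expected: HTTP/HTTPS terminated on the load balancer
        findings.append(f"{host.name}: public ingress from {cidr} on port {port}")
    return findings


def audit(hosts) -> list:
    return [finding for host in hosts for finding in check_host(host)]


# Constructed sample inventory; the addresses come from documentation ranges
# and do not describe any real deployment.
SAMPLE_HOSTS = [
    Host("lb-01", "load_balancer", "203.0.113.10", [("0.0.0.0/0", 443), ("0.0.0.0/0", 80)]),
    Host("lb-02", "load_balancer", "203.0.113.11", [("0.0.0.0/0", 443), ("0.0.0.0/0", 22)]),
    Host("app-01", "app_server", "10.0.4.21", [("10.0.0.0/16", 8080), ("10.0.0.0/16", 22)]),
    Host("app-02", "app_server", "198.51.100.7", [("0.0.0.0/0", 8080)]),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_HOSTS):
        print(line)
```

Run against the sample inventory, the audit is silent for `lb-01` and `app-01` and reports three findings: SSH exposed on `lb-02`, and `app-02` both holding a routable address and accepting public traffic on its application port. In a real environment the `Host` records would be generated from the cloud provider's security-group and instance listings rather than written by hand.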
Secure Development Lifecycle
Any and all changes to Top Hat’s production code or infrastructure are subject to code review. Top Hat’s application servers are launched from known-good images which are updated frequently with the latest code and operating system patches. All configuration changes are performed via a configuration management tool and reviewed via the same process as our application code. Top Hat also employs dependency vulnerability monitoring to ensure that third party code we rely on does not contain any known security vulnerabilities.
Logging and Monitoring
All access to production systems is logged and monitored by Top Hat’s operations team. We review and approve each request for elevated access in the production environment to ensure that it meets a legitimate business need, and this access expires automatically. Additionally, any direct system access to production servers requires a private key that has been countersigned by one of our administrative users. Top Hat’s operations team provides 24/7 support through our on-call rotation and we have several dozen alarms in place to ensure that all systems are operating as expected.
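The combination described above (every login logged, access granted only after approval, grants expiring automatically, and logins requiring a countersigned key) lends itself to a simple review job: replay the server login log against the approval records and flag anything that does not line up. The following is an added example, not Top Hat's monitoring code. The log lines are a constructed, simplified approximation of the "Accepted publickey" line OpenSSH's sshd writes for certificate logins, and the grant table is hypothetical sample data.

```python
import re
from datetime import datetime

# Simplified form of sshd's successful-login line. Certificate logins carry an
# "ID <cert_id> (serial N)" suffix; plain key logins do not.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted publickey for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2: (?P<keytype>\S+)(?: \S+)?"
    r"(?: ID (?P<cert_id>\S+) \(serial (?P<serial>\d+)\))?"
)


def parse_ts(value: str) -> datetime:
    # Accept the trailing "Z" form on Python versions whose fromisoformat does not.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def review_logins(lines, grants) -> list:
    """Compare each successful login with the approved grant for its certificate ID.

    Returns one finding per login that used a plain (uncountersigned) key, a
    certificate ID with no grant on record, or a grant that had already expired.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a successful-login line
        where = f"{m['host']} {m['ts']}"
        cert_id = m["cert_id"]
        if cert_id is None:
            findings.append(f"{where}: {m['user']} from {m['src']} used a plain "
                            f"{m['keytype']} key, not a countersigned certificate")
            continue
        grant = grants.get(cert_id)
        if grant is None:
            findings.append(f"{where}: certificate ID {cert_id} has no approved grant")
            continue
        if parse_ts(m["ts"]) > parse_ts(grant["expires"]):
            findings.append(f"{where}: grant {cert_id} approved by {grant['approved_by']} "
                            f"expired at {grant['expires']}")
    return findings


# Constructed sample data: hypothetical grants and log lines, not real records.
SAMPLE_GRANTS = {
    "alice-prod-2024-05-01": {"approved_by": "ops-lead", "expires": "2024-05-01T18:00:00Z"},
    "bob-prod-2024-05-01": {"approved_by": "ops-lead", "expires": "2024-05-01T12:00:00Z"},
}
SAMPLE_LOG = [
    "2024-05-01T09:12:03Z app-01 sshd[2211]: Accepted publickey for deploy from 10.0.4.21 port 51422 "
    "ssh2: ED25519-CERT SHA256:aaaa ID alice-prod-2024-05-01 (serial 41) CA ED25519 SHA256:cccc",
    "2024-05-01T13:40:55Z app-02 sshd[2398]: Accepted publickey for deploy from 10.0.4.22 port 51950 "
    "ssh2: ED25519-CERT SHA256:bbbb ID bob-prod-2024-05-01 (serial 42) CA ED25519 SHA256:cccc",
    "2024-05-01T14:02:17Z app-01 sshd[2450]: Accepted publickey for deploy from 10.0.4.23 port 52001 "
    "ssh2: ED25519-CERT SHA256:dddd ID mallory-test (serial 7) CA ED25519 SHA256:eeee",
    "2024-05-01T14:05:00Z app-01 sshd[2460]: Accepted publickey for deploy from 10.0.4.21 port 52100 "
    "ssh2: RSA SHA256:ffff",
]

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG, SAMPLE_GRANTS):
        print(finding)
```

On the sample data the first login is clean; the review reports Bob's login after his grant expired, a certificate ID nobody approved, and a login with a plain key that bypassed the countersigning step. The last case is the one that matters most operationally: if such a line ever appears, a server is accepting keys outside the certificate authority and should be treated as misconfigured, and the existing alarms described above are the natural place to wire this check in.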
File and Database Backups
All production database instances have streaming backups via database replicas in addition to daily full snapshots. These backups are stored in a separate AWS account that is protected by a multi-factor authentication token available only to a limited number of executive staff. File backups are streamed continuously to the same backup account for disaster recovery purposes. All backups are encrypted with separate keys from the original production data and are stored in a different geographical region. Top Hat performs backup restoration drills at least annually to verify the process and ensure that we can recover quickly in case of disaster.
Top Hat takes the security of its users’ data seriously, and we are committed to ensuring that all customer data is kept secure and confidential.