Please read this client services security and privacy policy carefully.

Scope

Solutions (CCS). CCS is committed to protecting your privacy when you visit its web pages or access its services. This statement is intended to inform you about what information CCS collects while users access CCS services, how CCS utilizes this information, and user options concerning the same. The information disclosed in this statement is subject to change periodically at the sole discretion of CCS. Continued use of our site implies understanding and acceptance of this privacy statement.

Authorization

Contact Authorization

Choice Cyber Solutions (CCS) is committed to protecting and respecting user privacy, and will only use personally identifiable information (PII) to administer user accounts and to provide CCS products and services. CCS may occasionally contact users about company products, services, and other content of potential interest. By consenting to receive communications from CCS, users consent to these forms of contact.

Data Storage Authorization

In order to provide CCS content, CCS needs to store and process user personal data. This includes, but is not limited to, names, email addresses, company information and Internet Identifiers. Users consent to CCS storing personal data for this purpose by agreeing to receive communications from CCS.

Unsubscribe

Users may unsubscribe from CCS communications at any time by selecting “Unsubscribe from all future emails” at the footer of email communications or by emailing info@choicecybersolutions.com. For more information on CCS privacy practices, how to unsubscribe, and how CCS is committed to protecting and respecting user privacy, please review the CCS Privacy Policy.

Correcting, Updating, Deleting, and/or Deactivating Personal Information

If a customer’s personally identifiable information (PII) changes, or if a user no longer subscribes to CCS services, CCS provides a way to correct, update or delete/deactivate user PII after written notice is provided.

Privacy Policy

Information Collection

CCS is the sole owner of the information collected through this website. CCS collects information from users via the CCS website and third-party applications.

Forms

CCS requests information from the customer through HubSpot forms and Microsoft Forms.

HubSpot

A customer must provide contact information (such as name and email). This information is used for marketing and customer contact purposes. Please refer to the HubSpot section below for more information.

Microsoft Forms

CCS collects network infrastructure and workflow data via Microsoft Forms for contact and analysis purposes. This information helps tailor CCS services to user needs. CCS ensures user data is securely stored, accessed only by authorized personnel, and not shared with third parties without consent. Please refer to the Microsoft Forms section below for more information.

Information Use

Information collected is used only for contacting users about requested products and services. CCS does not share user information with other third parties.

Sharing

Legal Disclaimer

CCS may need to disclose personal information when required by law. CCS may also be required to disclose information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Third-Party Advisors

CCS does not share website usage information about users with third parties.

Service Providers

CCS does not partner with other third-party systems to provide toll-free services. When the user signs up for these particular services, we share names or all contact information necessary for the third party to provide these services. These third parties are not allowed to use personally identifiable information except for the purpose of providing these services.

Links

This website contains links to other sites. Please be aware that CCS is not responsible for the privacy practices of such other sites. CCS encourages users to be aware when they leave the CCS site and to read the privacy statements of every website that collects personally identifiable information (PII). This privacy statement applies solely to information collected by this website.

Legal Minors

CCS Products and Services are not intended for legal minors, and CCS does not knowingly collect information from these individuals. Minors should not submit any personal information without the permission of their parents or guardians. By purchasing Products and Services, users are representing that they are at least 18. In the event that CCS learns that it has collected personal information from a minor, that information will be purged in accordance with the law. If there is a belief that CCS may have any information from or about legal minors, please contact info@choicecybersolutions.com.

Security

CCS uses reasonable and appropriate measures to protect user information. When customers submit sensitive information via the website, their information is protected both online and offline. When the CCS registration/order form asks users to enter sensitive information, that information is encrypted and is protected. While on a secure page, such as the CCS order form, the lock icon on the bottom of web browsers or within the settings on the address bar appears in the encrypted state.


CCS protects sensitive information both online and offline. All user information, not just the sensitive information mentioned above, is restricted to company infrastructure. Employees are granted access to PII through the Principle of Least Privilege (PoLP) and are required to undergo training on data security best practices.

Application Data Storage Security

CCS follows the PoLP, and will only store user data in the necessary resources to provide users the best possible service, information and resources. These tools include, but are not limited to:

Actifile

CCS utilizes Actifile to enhance data security and compliance by monitoring, protecting, and managing sensitive data, both in transit and at rest. Actifile helps ensure client data is secured against unauthorized access or breaches while maintaining compliance with privacy and security regulations. Specifically, Actifile is used for:

  • Monitoring the flow of sensitive data across client networks, identifying where data is stored, and tracking how it is accessed and used.
  • Automatically encrypting sensitive data at rest and in transit to protect against unauthorized access or data breaches.
  • Providing real-time alerts for any potential data leakage, misuse, or unauthorized access attempts.
  • Enabling clients to meet data protection and privacy regulations such as GDPR, HIPAA, and CMMC by managing data visibility and securing personal and business-critical information.
  • Generating detailed reports on data access and usage for compliance audits and security assessments.

All data handled through Actifile is encrypted and processed in accordance with strict privacy and security protocols, ensuring that sensitive client information is protected at all times. Access to data monitoring and security information is restricted to authorized personnel. CCS leverages Actifile to provide clients with robust data protection and regulatory compliance while ensuring that client data is secured from potential threats or breaches. Learn more about Actifile’s data privacy and compliance here.

Adobe Sign

CCS utilizes Adobe Sign to streamline and secure the process of obtaining electronic signatures for contracts, agreements, and other important documents. Adobe Sign helps ensure that documents are signed efficiently while maintaining the highest standards of security and compliance. Specifically, Adobe Sign is used for:

  • Collecting legally binding electronic signatures on contracts, service agreements, and compliance-related documents.
  • Managing and tracking document workflows, ensuring transparency and accountability during the signing process.
  • Securely storing signed documents in compliance with relevant data protection regulations.
  • Providing an audit trail for all signed documents, including timestamps, signatory information, and IP addresses, to ensure document integrity.
  • Ensuring that only authorized individuals have access to documents requiring signatures, with role-based access controls and encryption.

All documents processed through Adobe Sign are handled securely, with advanced encryption methods used to protect sensitive information. CCS ensures compliance with relevant e-signature and privacy laws, including the U.S. ESIGN Act and GDPR, where applicable. Client documents and signatures are never shared with unauthorized parties, and access is limited to those necessary for the completion of the signing process. Learn more about Adobe’s security compliance here.

HubSpot

CCS utilizes HubSpot as a Customer Relationship Management (CRM) platform to manage interactions with current and potential clients. HubSpot is primarily used to collect, store, and analyze customer data to streamline sales, marketing, and customer service processes. Specifically, CCS uses HubSpot to:

  • Track communication and engagement with clients and prospects.
  • Automate marketing activities, such as email campaigns and newsletters.
  • Manage inquiries, requests, and ongoing interactions through the sales pipeline.
  • Provide personalized customer support and improve overall client experience.
  • Analyze performance data to better understand the CCS client base and improve service offerings.

The data collected through HubSpot is used solely to improve customer experience, facilitate business operations, and fulfill client requests. CCS ensures that all data processed through HubSpot adheres to relevant privacy and data protection laws. Learn more about HubSpot's security & risk management here.

Hyperproof

CCS utilizes Hyperproof as a compliance management platform to streamline and enhance the way we manage and track our compliance-related activities. Hyperproof helps CCS meet regulatory requirements efficiently and securely, while protecting client and business data. Specifically, Hyperproof is used to:

  • Manage and track compliance tasks, audits, and assessments in a secure and centralized platform.
  • Monitor compliance activities related to industry standards, such as CMMC, GDPR, and other regulatory frameworks.
  • Store and organize compliance documentation, ensuring easy access for authorized personnel.
  • Automate the process of evidence collection and reporting to streamline audits and reduce manual work.
  • Collaborate securely with clients and auditors by sharing relevant compliance-related documents and updates.

All data stored and processed within Hyperproof is handled in compliance with strict privacy and security regulations. Access to client compliance data is restricted to authorized personnel, ensuring that sensitive information is protected at all times. CCS uses Hyperproof to safeguard client data, maintain transparency in our compliance processes, and enhance the overall efficiency of managing regulatory obligations. Learn more about Hyperproof’s security and privacy here.

KnowBe4

CCS utilizes KnowBe4 as our security awareness training platform to help clients enhance their employees' understanding of cybersecurity threats and improve overall security practices. KnowBe4 allows CCS to deliver, manage, and track comprehensive security training programs tailored to client needs. Specifically, KnowBe4 is used for:

  • Managing and delivering security awareness training programs to client employees, focusing on topics like phishing, social engineering, and cybersecurity best practices.
  • Tracking employee participation and performance in training sessions to ensure compliance with cybersecurity training requirements.
  • Providing customized training modules to address specific client security concerns and regulatory requirements.
  • Monitoring and reporting on the progress of training programs, ensuring that all employees complete mandatory security training.
  • Conducting simulated phishing tests to measure employee awareness and reinforce the importance of cybersecurity practices.

All client employee data, training records, and performance metrics processed within KnowBe4 are handled securely and in compliance with data privacy regulations. Access to this data is restricted to authorized personnel, and it is used solely to enhance the effectiveness of security awareness programs. Choice Cyber Solutions ensures that sensitive information is protected, while helping clients build a culture of security awareness and compliance via KnowBe4. Learn more about KnowBe4’s security statement here.

LastPass

CCS utilizes LastPass as a secure password management tool to store and manage client passwords when necessary. LastPass ensures the highest level of security and protection for sensitive login credentials, while minimizing unauthorized access risks. Specifically, LastPass is used to:

  • Securely store and manage client passwords and login credentials in an encrypted vault.
  • Share passwords with authorized team members securely without exposing the actual password.
  • Enable controlled access to sensitive client systems and applications as part of our service delivery.
  • Automatically generate strong, unique passwords to enhance security for client accounts.
  • Monitor and manage access to client credentials, ensuring compliance with security policies and best practices.

All passwords stored in LastPass are encrypted using advanced security protocols, ensuring that they are never accessible in plain text. Access to client credentials is restricted to authorized personnel and is handled in compliance with relevant privacy and data protection regulations. Choice Cyber Solutions uses LastPass to maintain the highest level of confidentiality and security when managing client information. Learn more about LastPass’ Compliance Center here.

Lumifi

CCS utilizes Lumifi, a platform designed to enhance cybersecurity operations through advanced threat detection and response capabilities. Lumifi helps CCS provide proactive monitoring and protection of client systems, ensuring that potential threats are identified and addressed quickly. Specifically, Lumifi is used for:

  • Continuous monitoring of client networks and systems to detect potential security threats and vulnerabilities.
  • Real-time threat analysis and alerting to ensure swift response to security incidents.
  • Automated threat detection using artificial intelligence (AI) and machine learning to identify patterns of malicious activity.
  • Managing incident response processes, including investigation, containment, and resolution of security breaches.
  • Generating detailed reports on security incidents and overall network health to keep clients informed of their security posture.

All data processed through Lumifi is securely encrypted and handled in strict accordance with privacy regulations and industry best practices. Access to threat detection data and incident reports is limited to authorized personnel, ensuring the protection of sensitive client information. CCS leverages Lumifi to deliver comprehensive cybersecurity services, while safeguarding client data and ensuring compliance with applicable data privacy laws. Learn more about Lumifi’s Privacy Policy.

Microsoft Applications

Microsoft GCC & Microsoft 365

CCS leverages Microsoft Government Community Cloud (GCC) and Microsoft 365 to enhance secure communications, collaboration, and productivity across the organization. These platforms are used to:

  • Provide secure cloud-based tools for email, document storage, and communication through Microsoft Outlook, OneDrive, and SharePoint.
  • Ensure compliance with government and industry-specific security standards by utilizing Microsoft GCC, which is designed to meet strict data protection and security requirements.
  • Collaborate internally and with clients on projects through secure file sharing, real-time document editing, and communication tools.
  • Manage and store sensitive data related to clients and projects in compliance with regulatory requirements.
  • Facilitate internal operations such as team collaboration, scheduling, and task management through Microsoft 365's integrated productivity applications.

The data processed through Microsoft GCC and Microsoft 365 is secured in accordance with stringent security protocols, ensuring the protection of client information and compliance with relevant privacy laws. CCS takes all necessary precautions to safeguard data while using these platforms to manage daily operations and client-related activities.

Microsoft GCC SharePoint

CCS utilizes Microsoft GCC (Government Community Cloud) SharePoint to securely manage and store critical business and client data. SharePoint is employed to facilitate secure document management, team collaboration, and data sharing within CCS. Microsoft GCC SharePoint is specifically used to:

  • Store and organize sensitive documents and data, ensuring compliance with strict government and industry security standards.
  • Enable secure collaboration between internal teams and external stakeholders by sharing documents and information within a controlled, permission-based environment.
  • Manage project files, reports, and client-related documentation in a centralized location for easy access and retrieval.
  • Ensure version control and audit trails for documents, enhancing transparency and accountability.
  • Provide secure access to resources and information for employees, regardless of their location, while maintaining compliance with government security regulations.

The data processed and stored in Microsoft GCC SharePoint is protected with robust security measures, in full compliance with relevant privacy laws and regulations. CCS prioritizes safeguarding client data while optimizing business efficiency through secure and controlled access to information.

Microsoft GCC and Forms

CCS utilizes Microsoft Government Community Cloud (GCC) and Microsoft Forms to securely collect and manage data from both internal stakeholders and clients. Microsoft GCC ensures that CCS maintains high-level security and compliance with industry and government standards, while Microsoft Forms is used to:

  • Collect feedback, surveys, and responses from clients, partners, and employees securely.
  • Streamline data collection for assessments, audits, compliance checks, and internal evaluations.
  • Gather and analyze client needs, requests, or service-related inquiries through easy-to-use forms.
  • Facilitate onboarding, training, and compliance monitoring via internal form submissions.

All data collected through Microsoft Forms in the GCC environment is handled with the highest security protocols to protect sensitive information. CCS ensures compliance with relevant data protection laws, and the information gathered is used solely to enhance CCS service offerings and business operations.

Learn more about Microsoft's commitment to earn trust here.

Monday.com

CCS utilizes Monday.com for all project management, including but not limited to: client orders, issue tracking, and account-related task management. To accomplish this, CCS must store select sensitive data in order to provide the best possible customer service. Monday.com is committed to providing their customers with a highly secure and reliable environment for its cloud-based application. Therefore, CCS has developed a security model that covers all aspects of cloud-based monday.com systems. Read more about Monday.com data security here.

Quickbooks Online

CCS employs the PoLP company-wide. There are limited resources that have access to the Quickbooks Online account. Quickbooks is used for one-time and unique payment requests, i.e. a Risk Assessment or Penetration Test. Invoices are generated by the billing team and emailed directly to the client-provided billing contact. The only time that payment information is stored in the CCS account is when clients select the "Save for Future Use" option. CCS never charges clients without explicit consent.

Quickbooks takes various measures to ensure that CCS data is safe. They rely on advanced, industry-recognized security safeguards to keep all CCS financial data private and protected. QuickBooks Online is a VeriSign Secured™ product. VeriSign® is the leading secure sockets layer (SSL) Certificate Authority. Learn more about Quickbooks Security here.

SureShield ComplyShield

CCS utilizes SureShield's ComplyShield platform to manage and assess risks related to cybersecurity, compliance, and business operations. SureShield ComplyShield helps us evaluate, monitor, and mitigate risks effectively while ensuring the security and confidentiality of client data. Specifically, SureShield ComplyShield is used for:

  • Conducting comprehensive risk assessments for client systems and operations.
  • Monitoring and managing cybersecurity threats, vulnerabilities, and compliance risks in real-time.
  • Storing and analyzing risk-related data to inform decision-making and enhance overall security posture.
  • Generating reports and dashboards to track and communicate risk management efforts with stakeholders and clients.
  • Providing a centralized platform for managing risk mitigation strategies and ensuring compliance with industry standards such as NIST, CMMC, and others.

All data processed through SureShield ComplyShield is securely encrypted and handled in compliance with relevant data protection regulations. Access to risk assessment data is restricted to authorized personnel only, ensuring that sensitive information is protected. CCS utilizes SureShield ComplyShield to deliver effective risk management solutions while safeguarding client data and adhering to strict privacy and security standards.

SureShield ComplyShield is hosted on Amazon Web Services (AWS) Cloud Infrastructure. Learn more about AWS security measures here.

SureShield ComplyShield's application-specific security features include granular access control, multi-tenanted architecture, two-factor authentication, and multi-dimensional data analysis. Learn more about SureShield ComplyShield products and security features here.

Slack

CCS utilizes Slack as a communication and collaboration platform to streamline interactions with both internal teams and clients. CCS is committed to ensuring that client data is never stored or transmitted through Slack, to maintain the highest level of data privacy and security. CCS adheres to the following practices when using Slack for client communications:

  • Client data is never directly shared, stored, or transmitted within Slack channels, messages, or attachments.
  • When necessary, links are shared via the PoLP, meaning only necessary individuals can access them.
  • Access to links and shared resources is controlled through secure authentication methods, ensuring that sensitive information is accessed only by authorized individuals.
  • CCS encourages all sensitive conversations to take place through secure, approved platforms rather than Slack, ensuring compliance with CCS security policies.
  • Slack is used strictly for coordinating tasks, sharing general information, and communicating non-sensitive updates.

By using these practices, CCS ensures that Slack is employed as a secure communication tool without compromising the privacy and confidentiality of client data. All communications through Slack are monitored to ensure compliance with internal policies, and CCS takes all necessary precautions to protect client information from unauthorized access. Learn more about Slack's privacy policy here.

Stripe

CCS utilizes Stripe as a secure payment processing platform to handle financial transactions related to CCS services. Stripe enables CCS to process payments efficiently while maintaining the highest level of security and compliance. Specifically, Stripe is used to:

  • Facilitate online payments for services provided to clients.
  • Securely store and manage payment information in compliance with PCI-DSS standards.
  • Process recurring payments, subscriptions, or one-time transactions.
  • Provide clients with a seamless, secure checkout experience for payment processing.
  • Generate and manage invoices for billing purposes.

All payment data processed through Stripe is encrypted and handled in compliance with industry-standard security measures. Stripe ensures that payment information is safeguarded, and Choice Cyber Solutions does not store sensitive payment data directly on our systems. We prioritize the protection of client financial information and ensure compliance with applicable privacy laws and financial regulations. Learn more about Stripe’s Privacy Policy here.

Zoom and Avoma

CCS leverages both Zoom and Avoma to enhance communication, collaboration, and meeting efficiency. These tools are essential in managing virtual interactions with clients, partners, and internal teams. Specifically, Zoom and Avoma are utilized as follows:

Zoom
  • Hosts virtual meetings, webinars, and video conferences with clients, partners, and internal teams.
  • Provides a secure platform for discussing confidential business matters, such as compliance, security services, and project planning.
  • Records meetings, with consent, to ensure accurate documentation, improve internal processes, and for training purposes.
  • Shares screens and presentations during meetings for more effective collaboration and project management.

Avoma
  • Integrates with Zoom to automatically record, transcribe, and summarize meetings, helping us capture critical insights from client calls and internal meetings.
  • Analyzes conversations to identify action items, track key discussions, and improve follow-up communications.
  • Streamlines the management of meetings by enabling easy access to transcripts and summaries for better collaboration and project follow-through.

CCS ensures that both Zoom and Avoma are used securely and in compliance with relevant data privacy laws. All recorded data, transcripts, and meeting summaries are handled with the utmost care and used solely to improve business operations, client communication, and service delivery. Any meeting data is securely stored and accessed only by authorized personnel. You can learn more about Zoom’s commitment to security here and Avoma’s security policy here.

Client-Provided Applications and Resources

CCS is committed to maintaining the privacy and security of any applications, platforms, or resources clients provide as part of our service delivery. When clients grant access to their proprietary systems, software, or other resources, CCS adheres to strict privacy and security protocols to ensure that sensitive data is protected. Specifically, CCS use of client-provided applications and resources involves:

  • Accessing and utilizing client-provided software, platforms, and applications solely to deliver agreed-upon services.
  • Ensuring that any data accessed through client systems is handled securely and only by authorized personnel within our organization.
  • Storing and processing any data from client applications in compliance with relevant privacy laws, contractual agreements, and data protection policies.
  • Implementing secure access controls, including multi-factor authentication, to protect client resources from unauthorized access or breaches.
  • Regularly monitoring and reviewing access to client systems to ensure that only essential personnel have access, and that the usage is compliant with security and privacy best practices.

CCS treats all client-provided resources with the highest level of confidentiality and security. Any data collected, processed, or stored within these systems is protected in accordance with applicable laws and our internal security policies. Choice Cyber Solutions ensures that all client-provided applications and resources are used responsibly, with the sole objective of delivering optimal services while safeguarding client data.

Network Scanning Tools

Scans

Choice will conduct network scans with state-of-the-art vulnerability scanning tools for all facilities and perform a review of systems to determine the level of security and compliance. CCS scans will uncover active security gaps on user networks by IP address and location to discover organizational exposures. In addition, they will provide users with a virtual map of exposures to create a detailed remediation plan. CCS utilizes scanning tools to conduct the following:

  • Network Asset Scans
  • Software Vulnerability Scans
  • Internal & External Vulnerability Scans
  • PII Scans
  • Dark Web Scan

Scans

CCS uses a variety of scanning tools to conduct Security & Compliance Risk Assessments. The information utilized to conduct scans is provided by the MSP or client IT resource in the Network Infrastructure Discovery Form and stored in the CCS Resource Center. CCS primary scanning tools do not store any sensitive data, and scans are conducted through agents installed on a host workspace within the client domain. Scanning tools may store client information such as the device name and location of issues or sensitive data. However, these tools never disclose or provide any sensitive data.

CCS takes precautions wherever possible to protect sensitive data by utilizing world-renowned scanning tools, enabling two-factor authentication, enforcing a complex password policy and team education. All scan reports and data are stored in the CCS Resource Center. Please direct all scanning tool security or compliance related questions to clients@choicecybersecurity.com.

Discovery

The goal of CCS is to scan all network devices in addition to the physical, on-site equipment. All equipment must be powered on and readily available for scans to be effective. It is critical to inform staff to keep all machines powered on during scan times. CCS will communicate the specific scanning windows and send users a reminder the day prior to scanning to a pre-selected contact.

Timing

CCS will conduct scans at a dedicated convenient time for user organizations. Please take into consideration that these scans may take up to three business days to complete, depending on the device and vulnerabilities.

Network Impact

CCS tools are well vetted to ensure the safety of user systems. They are not intrusive and should not cause any network issues or downtime. These scans may be conducted outside of normal business hours if assets can be powered on and made visible for CCS-utilized scanning tools.

Workflow Operations

CCS scanning processes should not impact daily operations or workflows. All business should be conducted as usual so that CCS can get a proper network assessment of data in motion. It is important that all team members maintain their natural data flow so that CCS can conduct a proper assessment of employee operations to create impactful results and resolution suggestions.

Employee Impact

All network devices will be scanned for vulnerabilities. This includes all mobile devices such as laptops, tablets and smartphones. While CCS will search for active vulnerabilities, CCS will not have visibility into specific sensitive information. CCS scans will provide the location of each sensitive file but will not hold data on the specific information contained therein.

Data Retention

CCS must balance legal obligations and the need to retain information for business purposes against the cost of storing and securing such information. The standard data retention policy is seven years unless otherwise stated in the Data Retention Policy.

GDPR Rights

Where applicable, GDPR codifies data protection via a series of rules for businesses and rights for European Union citizens. The following rights are enshrined in GDPR:

Right to Access

Users have the right to access all data CCS stores on behalf of users. View access to the data may be requested via a request to clients@choicecybersecurity.com.

Right to Portability

Users have the right to transfer their data from one place to another. Upon request, CCS will utilize Box to provide that service.

Right to be Forgotten

Users have the right to request that all of the data CCS possesses about them be deleted. By request, CCS can fully delete user accounts, including all content, personal data, and identifiable links in accordance with the CCS Data Retention Policy.

Notification of Changes

Changes to the CCS Privacy Policy will be posted to this Privacy Statement, the CCS homepage, and other places as appropriate.