Our team acknowledges the significance of protecting our client's data. In order to guarantee the safety of all client data, we have put in place standard security protocols and upheld multiple layers of security precautions.

Here is a summary of the security criteria and procedures established by Express1099 to safeguard our client's data.


  • SOC 2 Compliance

    SOC 2 certification represents a security standard developed by the American Institute of CPAs (AICPA) for service organizations. It mandates that companies institute and uphold a series of controls and protocols aimed at guaranteeing the confidentiality, integrity, and availability of client data.

    These controls encompass policies and procedures concerning security, availability, processing integrity, confidentiality, and privacy. SOC 2 audits are conducted to assess whether a company's systems and processes align with these standards.

    As a SOC 2-certified software, Express1099 undergoes routine audits to confirm that its systems and procedures adhere to the SOC 2 criteria. This demonstrates that Express1099 has put in place and consistently maintains a comprehensive set of controls and protocols to safeguard client data and privacy in all aspects of its operations.

  • CCPA Compliance

    The California Consumer Privacy Act (CCPA) is a privacy legislation that grants specific rights to California residents regarding their personal information (PI).

    PI encompasses any data that can be used to identify, describe, relate to, or associate with a particular individual or household.

    As a service provider responsible for managing the PI of California residents, Express1099 adheres to all CCPA regulations. This implies that Express1099 ensures that California residents have the right to be informed about the collection of their PI, the right to access their PI, the right to request the deletion of their PI, and the right to opt out of the sale of their PI.

  • PCI DSS Compliance

    The Payment Card Industry Data Security Standard (PCI DSS) comprises a collection of policies and protocols put in place to guarantee secure transactions involving credit, debit, and cash cards, as well as to prevent the improper use of cardholders' personal information.

    Express1099 ensures that all the payment processing tools it employs meet the PCI compliance requirements for the encryption and secure transmission of credit card data.

Data Protection

  • Firewall

    We have integrated a Web Application Firewall (WAF) that filters incoming traffic, carefully examining requests for any malicious patterns, thus guaranteeing that only authorized and legitimate access is permitted.

  • Antivirus

    Our system is safeguarded by antivirus software that continually observes the behavior of devices, files, and applications. It detects irregularities and acts to prevent potential threats.

  • PII Data Security

    We adhere to all the standard regulations for securing PII (Personally Identifiable Information) data to guarantee the security of our clients and their vendor's personal information, including Social Security Numbers, email addresses, phone numbers, and more.

  • Encryption - Data-in-Rest, Data-in-Motion &

    We apply encryption to all client data, whether it is stored in our database (Data- at-Rest) or transmitted between networks or devices (Data-in-Transit).

    Additionally, we implement SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols to encrypt data that is currently being accessed or read (Data-in-Use) to ensure its security at all stages.

  • Database Management

    Access to production databases is limited solely to individuals with a specific and legitimate need to access production data. We also employ data fragmentation techniques and regularly conduct data backups as a precautionary measure to guard against unexpected security incidents.

  • Defense In-Depth Security

    We adhere to a Defense-in-Depth security architecture, which employs a layered security approach encompassing various levels of security mechanisms and controls.

  • Oracle Cloud Infrastructure Security

    Our database is managed using Oracle Cloud Infrastructure Security, and our servers are protected by Compute Security measures.

    Each instance in the cloud is associated with a dedicated whitelist that restricts communication to only specific sources, ensuring a controlled and secure access environment.

  • Data Loss Prevention

    We implement standard Data Loss Prevention (DLP) practices to prevent the loss of sensitive data and the unauthorized removal of data from our system.

Network Security

  • Secure Remote Access - VPN

    We have limited the access to our servers, data, and tools exclusively to authorized Express1099 corporate personnel who connect through our secure VPN network. Furthermore, we only permit access from approved IP addresses in specific geographical locations, adding an extra layer of security.

  • Wireless Security

    To safeguard the confidentiality of our data, we have implemented restrictions on accessing our system through unauthorized wireless networks.

  • Internet URL Filtering

    To shield our system from security threats, we have implemented measures to block access to websites that may contain potentially harmful content, such as phishing pages, across our network.

Preventive Measures

  • Secure Software Development - DevSecOps

    We embrace the DevOps methodology for testing and deploying to guarantee secure software development. This entails incorporating established security measures throughout the development cycle.

  • Threat Modeling

    We proactively create strategies to identify and mitigate potential security threats and vulnerabilities right from the development of our application.

  • API Security

    Recognizing the potential for APIs to expose sensitive data, we maintain a dedicated security checklist for our API endpoints. This enables us to detect and address any potential security vulnerabilities effectively.

  • Incident Management

    We have established streamlined protocols to address unforeseen security incidents promptly and effectively.

  • Change Management

    We strictly adhere to a standardized process that involves meticulous planning, testing, and validation to ensure that every change is implemented without posing any risks to the data.

Security Standards

  • Security Policies

    Our comprehensive security policies encompass a wide array of measures and guidelines, including access controls, encryption protocols, regular audits, and vulnerability assessments. We rigorously follow these policies to guarantee complete data protection.

  • Security Awareness Training

    The Express1099 team possesses a well-defined understanding of data security and remains updated on emerging technologies and security mechanisms designed to counter security threats.

  • Escalation Matrix

    In the case of security incidents, we have established a clear and organized escalation matrix, delineating the responsible personnel and the corresponding notification procedures for each escalation level. These procedures are diligently adhered to.

Security Evaluation

  • Penetration Testing

    Our penetration testing practices adhere to OWASP standards, a comprehensive guide for identifying and mitigating security vulnerabilities in web applications. We conduct frequent tests on our systems to uncover potential vulnerabilities.

  • Monitoring and Response

    We maintain regular monitoring and scanning of our network and applications to identify potential security threats. When such threats are detected, we conduct event log analysis and take proactive measures to mitigate the threat.

  • Windows/Server Hardening

    We implement a series of server hardening processes to eliminate potential points of vulnerability for security attacks on our servers. This helps enhance the security of our infrastructure.

A Comprehensive Solution for Seamless Vendor Management