Trust Center

Trust Center

Encryption

At Rest & In Transit

In Progress

ISO 27001 Certification

In Progress

SOC 2 Certification

Backups

Daily Database Backups

Security & Infrastructure

Security & Infrastructure

How client environments and data are protected at the platform level.

Encryption

All client data is encrypted at rest and in transit. Encryption is applied consistently across our managed platforms and the vendor stack we rely on to deliver services, so data is protected whether it is stored, backed up, or moving between systems.

Access Controls

Access to client systems and internal tools is governed by role-based access control (RBAC) and multi-factor authentication (MFA). Staff are granted the minimum access necessary to perform their role, and access is reviewed and revoked promptly when no longer needed.

Network Security & Monitoring

We maintain layered network defenses, including firewalls, endpoint protection, and continuous monitoring across managed environments. Threat detection and response is handled in partnership with a dedicated 24/7 Security Operations Center (SOC) — see the Managed Detection & Response entry in our vendor stack below.

Hosting

Core service delivery platforms used by Columbia River IT Solutions are hosted with established, audited cloud providers. Specific hosting details for each platform are available in the vendor stack section and the linked provider trust centers below.

Compliance & Certifications

Compliance & Certifications

Our current certification status and audit cadence.

  • ISO 27001 — In Progress

  • SOC 2 — In Progress

Columbia River IT Solutions is currently pursuing ISO 27001 certification, a recognized international standard for information security management, alongside SOC 2 certification. We will update this page and notify clients as each certification is completed.

Many of the platforms in our vendor stack independently hold SOC 2 Type II, SOC 3, and ISO 27001:2022 certifications. Details and links are provided in the Vendor & Sub-Processor Stack section below.

Data Privacy & Handling

Data Privacy & Handling

What data we handle, and where client data lives.

Columbia River IT Solutions does not collect or store private client data on its own systems. Client-facing operations — ticketing, remote monitoring and management, backup, and threat detection — are handled through the vetted, security-certified platforms listed below. Each platform maintains its own privacy program, data processing agreements, and sub-processor disclosures, linked directly for your review.

Vendor & Sub-Processor Stack

Platform Function Trust Center
HaloPSA Ticketing & professional services automation (PSA) usehalo.com/security
Blackpoint Cyber Managed detection & response (MDR) and 24/7 SOC blackpointcyber.com/trust-center
NinjaOne Remote monitoring & management (RMM) trustpage.ninjaone.com
Dropsuite SaaS backup (email & cloud application data) trust.dropsuite.com

We periodically review the security posture of every platform in our stack as part of our vendor risk management practice. Clients may request current certification documentation (e.g., SOC 2 reports, DPAs) directly from the linked trust centers, or contact us for assistance.

Incident Response & Business Continuity

Incident Response & Business Continuity

How we prepare for, detect, and respond to security events.

Backups

Databases supporting our managed services are backed up daily, in addition to the SaaS backup coverage provided through Dropsuite for hosted mailboxes and cloud application data.

Threat Detection & Response

Managed environments are monitored around the clock through our MDR partnership with Blackpoint Cyber, whose Security Operations Center provides continuous threat detection, investigation, and response.

Breach Notification

Our breach notification process and timelines are aligned with industry-standard practices for timely client communication in the event of a confirmed security incident. Notification procedures are reviewed regularly to stay current with evolving best practices.

Disaster Recovery

Combined with daily backups and continuous monitoring, our operational practices are designed to minimize downtime and data loss in the event of a disruption, supporting rapid recovery of client systems.

?Questions About Our Security Program?

If you have questions about this Trust Center, need documentation for a security review, or want to report a concern, reach out to our team.

This Trust Center reflects Columbia River IT Solutions, LLC's security and compliance posture as of the date above and is provided for informational purposes. Certification and audit status for third-party platforms is maintained independently by each vendor and subject to change — refer to the linked trust centers for the most current status. This page does not constitute a legal or contractual guarantee; specific security commitments are governed by your services agreement.