
At Rest & In Transit
ISO 27001 Certification
SOC 2 Certification
Daily Database Backups
How client environments and data are protected at the platform level.
All client data is encrypted at rest and in transit. Encryption is applied consistently across our managed platforms and the vendor stack we rely on to deliver services, so data is protected whether it is stored, backed up, or moving between systems.
Access to client systems and internal tools is governed by role-based access control (RBAC) and multi-factor authentication (MFA). Staff are granted the minimum access necessary to perform their role, and access is reviewed and revoked promptly when no longer needed.
We maintain layered network defenses, including firewalls, endpoint protection, and continuous monitoring across managed environments. Threat detection and response is handled in partnership with a dedicated 24/7 Security Operations Center (SOC) — see the Managed Detection & Response entry in our vendor stack below.
Core service delivery platforms used by Columbia River IT Solutions are hosted with established, audited cloud providers. Specific hosting details for each platform are available in the vendor stack section and the linked provider trust centers below.
Our current certification status and audit cadence.
ISO 27001 — In Progress
SOC 2 — In Progress
Columbia River IT Solutions is currently pursuing ISO 27001 certification, a recognized international standard for information security management, alongside SOC 2 certification. We will update this page and notify clients as each certification is completed.
Many of the platforms in our vendor stack independently hold SOC 2 Type II, SOC 3, and ISO 27001:2022 certifications. Details and links are provided in the Vendor & Sub-Processor Stack section below.
What data we handle, and where client data lives.
Columbia River IT Solutions does not collect or store private client data on its own systems. Client-facing operations — ticketing, remote monitoring and management, backup, and threat detection — are handled through the vetted, security-certified platforms listed below. Each platform maintains its own privacy program, data processing agreements, and sub-processor disclosures, linked directly for your review.
| Platform | Function | Trust Center |
|---|---|---|
| HaloPSA | Ticketing & professional services automation (PSA) | usehalo.com/security |
| Blackpoint Cyber | Managed detection & response (MDR) and 24/7 SOC | blackpointcyber.com/trust-center |
| NinjaOne | Remote monitoring & management (RMM) | trustpage.ninjaone.com |
| Dropsuite | SaaS backup (email & cloud application data) | trust.dropsuite.com |
We periodically review the security posture of every platform in our stack as part of our vendor risk management practice. Clients may request current certification documentation (e.g., SOC 2 reports, DPAs) directly from the linked trust centers, or contact us for assistance.
How we prepare for, detect, and respond to security events.
Databases supporting our managed services are backed up daily, in addition to the SaaS backup coverage provided through Dropsuite for hosted mailboxes and cloud application data.
Managed environments are monitored around the clock through our MDR partnership with Blackpoint Cyber, whose Security Operations Center provides continuous threat detection, investigation, and response.
Our breach notification process and timelines are aligned with industry-standard practices for timely client communication in the event of a confirmed security incident. Notification procedures are reviewed regularly to stay current with evolving best practices.
Combined with daily backups and continuous monitoring, our operational practices are designed to minimize downtime and data loss in the event of a disruption, supporting rapid recovery of client systems.
If you have questions about this Trust Center, need documentation for a security review, or want to report a concern, reach out to our team.
This Trust Center reflects Columbia River IT Solutions, LLC's security and compliance posture as of the date above and is provided for informational purposes. Certification and audit status for third-party platforms is maintained independently by each vendor and subject to change — refer to the linked trust centers for the most current status. This page does not constitute a legal or contractual guarantee; specific security commitments are governed by your services agreement.