At A-Team Systems, we prioritize the security and privacy of our customers. We adhere to stringent security protocols and implement advanced measures to safeguard our systems and protect the integrity and confidentiality of all customer data we may have access to. Our commitment to these principles is critical to our success, and we continuously evolve our security practices, striving to meet and exceed industry standards.

NIST CSF 2.0 / Cybersecurity Framework

A-Team Systems follows the NIST Cybersecurity Framework (CSF) version 2.0, integrating its core functions—Identify, Protect, Detect, Respond, and Recover—into our security protocols and information security policies.

Third-Party Attestation

Omnistruct, a leading compliance specialist organization, continuously monitors, governs, and attests to our security implementations. This includes compliance under NIST CSF 2.0 and our overall organizational security posture.

Governance and Risk Management

Security Program Governance

We have documented and implemented a comprehensive security program that governs how we protect systems, data, and client interests. This area is actively monitored and maintained.

Risk Management

Our organization has developed and follows a structured risk management process to identify, evaluate, and respond to risks affecting our operations and customer data. We are continually improving this area to align with best practices.

Operational Security

Access and Zero Trust

Our engineers’ access to customer infrastructure is tightly controlled and maintained behind multiple firewall and VPN layers. This creates a private, zero-trust, segregated network that requires multiple authentication methods. Direct customer access is restricted to just a few necessary jump points.

Encryption In Transit

Secure SSL encryption channels are used on any connection over the Internet, including when accessing a customer server. We take “clear text” exposure seriously and enforce password rotations if we suspect credentials may have been exposed.

Authentication, Access Control, and Least Privilege

All customer credentials are stored in a password vault system using the same software employed by the US Department of Energy, the US Department of Commerce, and NASA. This system provides at-rest encryption, role-based access control (RBAC) of credentials, and complete access auditing while enabling the “least privilege” methodology.

Configuration Management

We use formal processes and tooling to manage system configurations, reduce vulnerabilities, and ensure consistency across our infrastructure. Baseline configurations and approved changes are tracked and reviewed regularly. This area is actively monitored and maintained.

Vulnerability and Patch Management

A-Team Systems maintains its servers using the same practices it uses with its customers: Continuous patching, audits, and security scans.

On our servers, we implement an XDR + SIEM solution that correlates activity and provides advanced automated responses to threats across our entire network. We employ a next-generation antivirus and EDR + MDR solution on our engineers’ workstations to provide a similar advanced detection and automated response to threats on our end-user devices.

Security Monitoring & Testing

We conduct monthly internal vulnerability scans to proactively detect misconfigurations and emerging issues across our infrastructure. These scans are followed up with remediation and verification reviews.

Additionally, we engage a third-party firm to perform comprehensive penetration testing quarterly. The findings are documented, reviewed, and used to drive continuous improvement in our security posture.

Data Protection

Data Protection Mechanisms

We have implemented controls to protect data at rest and in transit, including encryption, access restrictions, and monitoring. These safeguards are aligned with modern standards to preserve confidentiality and integrity. This area is actively monitored and maintained.

Backups

We leverage a leading cloud backup provider to perform daily backups of all infrastructure, which are both immutable and off-site. This means even we cannot delete or change the backups, only restore from them.

Customer credentials and other data in our password vault are backed up with this provider but without the at-rest encryption keys. These keys are stored separately off-site, making it impossible for the backup provider to decrypt our password vault data.

Personnel Security

All employees with elevated access undergo a thorough criminal background check as part of our pre-employment screening process.

Each team member must also sign a Non-Disclosure Agreement (NDA) and agree to our comprehensive Code of Ethics, Code of Conduct, Cybersecurity, and Device and Data Security Policies, which detail the technical, professional, and ethical standards expected within our organization.

These policies are continuously improved, and employees receive notices of any changes immediately for their review. Each employee is required to re-read all policies annually as well.

Employees also receive robust initial security training with ongoing sessions to stay updated on the latest security practices and threats.

Threat Awareness

All technical staff, including upper management, receive daily/weekly threat reports and security news updates from various industry sources to stay abreast of new and evolving attack strategies.

These are reviewed monthly during security governance meetings and used as scenarios during tabletop exercises. Security training also follows these trends to ensure we incorporate relevant situations into our sessions.