Common Audit Questions
PLEASE READ FIRST!
Effective July 24, 2020, LobbyCentral will no longer complete lengthy audit questionnaires or worksheets. Due to the number of industries LobbyCentral is used in, as well as increased hacker and insider information trading, LobbyCentral is no longer providing confidential information.
Please do not send your audit questionnaires or worksheets, as they will not be completed.
If you have a critical question that is not answered below, please open a support ticket with that specific question. Please send one question per support ticket. Multiple questions in one support ticket or the entire worksheet submitted will be rejected. Please note that submitting a question does not guarantee an answer and that a question may be returned as "Not Disclosed" or "Confidential".
Our Statement Regarding Confidential Information
Due to the nature of our company and the service we offer, we will only release certain public information about our company, operations, practices, design methodologies, and the data center. Information regarding security, employees, and our data center, including policies and testing results, is strictly confidential.
Non-Disclosure Agreements
LobbyCentral will not enter into any Non-Disclosure Agreements (NDA) for release of information, as these are not physically enforceable. NDAs are simply a legally binding agreement that the involved parties will not disclose information about one another. While a breach is enforceable through legal action, the information released cannot be retracted and therefore the damage is done.
What is the full legal name and address and organizational status of LobbyCentral?
Fuhr Software, Inc
dba LobbyCentral
150 E. Mound Street, Suite 309,
Columbus, OH 43215
Contact Phone: 614-347-1798
Email: [email protected]
Corporation (C)
Privately held
Is LobbyCentral located in a single tenant or multi-tenant building and is it secured?
- Multi-tenant building
- Key card required to enter building before 7am and after 6pm, Monday-Saturday. Key card required all day Sunday.
- Key card required to enter office 24/7
- Building security cameras are employed
Where is LobbyCentral SaaS data stored? Where is the Data Center located?
LobbyCentral uses a third-party SOC 2 certified data center, located inside the United States. The data center requires key card access, which restricts movement to various parts of the data center, and has 24-hour monitoring and on-site security. The exact location of the data center and its security protocols are confidential.
Does data ever leave the United States?
For customers within the United States, no. Data is stored and transmitted from within the United States. Data will leave the boundaries of the United States for customers who have offices located outside the United States.
Who has access to the LobbyCentral servers located in the data center?
No LobbyCentral employees have physical access to the data center. Key members of the LobbyCentral development team can access the servers using a Virtual Private Network (VPN). A key member's access is limited to updating the LobbyCentral application, retrieving error logs, and performing server security. The development team list is confidential.
How is the Data Center and LobbyCentral audited?
The Data Center is SOC 2 certified. The certification document is confidential and cannot be shared outside of the data center-vendor relationship.
LobbyCentral conducts its own security review of procedures and practices, including code reviews and review of office access logs. Employees are required to sign a Code of Conduct agreement which includes the safeguarding of company equipment when it leaves the office, e.g., laptops.
Does the Data Center have backup power?
Yes. The Data Center utilizes a secondary generator in the event of a power failure. The testing of the battery backup system is conducted by the data center.
Can I get a copy of your Security Policy?
The Security Policy is strictly confidential and is not available.
Does LobbyCentral employ contractors or outsource work in or outside the United States?
LobbyCentral does not employ outside contractors, consultants, or third-party firms for the development, management, or distribution of its software. LobbyCentral does employ a third-party U.S. IT support services company for support services. The third-party IT company does not have access to LobbyCentral's servers, including database servers. LobbyCentral does not outsource work.
Is the LobbyCentral database single or multi-tenant? How is data secured?
LobbyCentral uses multi-tenant databases, which means each customer account retains its own database on the server and is not accessible by any other account.
Data is encrypted at rest using SQL Transparent Data Encryption. Data in motion is secured over HTTPS.
Who has access to the LobbyCentral database server?
Only key members of the LobbyCentral development team have access to the LobbyCentral database server.
How often is data backed up? Can I get a copy of the backup on a regular basis?
Data is backed up every 15 minutes. The last backup at 12:45AM is stored in a secondary data center, also located within the United States. Backup databases are encrypted.
You may request a copy of your database for a fee by submitting a support ticket. Please note that 15-minute backups are overwritten by the next backup. Therefore, a request for a 15-minute backup database will be fulfilled with whatever backup is available when the support request is answered.
Do you have any data centers outside of the United States?
No.
Is any data stored at the corporate LobbyCentral office?
No. All data and the software provided as a service is located inside the data center.
Do you have a failover site? Where is it located?
As LobbyCentral continues to grow, we are in the process of deploying a failover site to a secondary data center located within the United States.
Are your employees required to sign a Confidentiality and/or Ethics Agreement?
Yes. Employees must read and agree to terms of a confidentiality agreement. This agreement is renewed as part of the employee's annual review.
Does LobbyCentral conduct Penetration Testing (Pen-Test) on its software as a service?
Yes. Pen testing is conducted annually. The results of our last test, in 2019, revealed several non-critical deficiencies, mostly best-practice checks. No security defects were detected.
Is LobbyCentral HIPAA Certified and will it enter into a BA Agreement?
In short, the Department of Health and Human Services does not recognize any such designation. Rules in the HIPAA policy as it pertains to technical companies have been reviewed and implemented in LobbyCentral.
HIPAA is a vague and broad policy that can be boiled down to several factors: 1. Limiting and controlling access to PIA, 2. Making PIA unusable if it is stolen, 3. Remedies if PIA is stolen or compromised.
A BA Agreement, or Business Associate Agreement, is a legally binding agreement between LobbyCentral and the company using LobbyCentral. It outlines the responsibilities of both parties. LobbyCentral charges a fee for companies that require us to enter into a BA Agreement. Please contact [email protected] for more information.