Meeting CMMC Requirements with a System Security Plan

AEPAC considers security as a high priority. The IT Business solutions have been built from the outset using the core principles of information security, also known as the CIA triad:

• Confidentiality - Prevent the disclosure of information to unauthorized individuals or systems.

• Integrity - Maintain and assure the accuracy and consistency of data over its entire lifecycle

• Availability - Ensure the information is available when and where it is needed.

AEPAC is committed to continuous achievement and maintenance of these principles and preserving the trust and confidence of our customers. Integral to this is providing a robust security and privacy program that carefully considers data protection matters across our suite of services, including data submitted by customers to our services(customer data).

Onsite and offsite backups, resilience and redundancy infrastructure, availability of secondary data centers, and the use of geographically distributed infrastructure and support staff enable disaster recovery plans to be executed quickly and efficiently in the event of a major disaster.

• INCIDENT HANDLING - Information Security Incident Management process in accordance with DFARS (NIST 800-171)

• INCIDENT RESPONSE TRAINING - Security awareness trainings to facilitate the identification, recognition and the reporting of security incidents.

• INCIDENT RESPONSE TESTING - “Capture the flag” tests done by internal security experts and/or independent3rd parties.

• INCIDENT REPORTING - Any incident will be investigated by the security department and if the incident requires escalation, an incident report is generated.