Brownrice Security Policy

Brownrice Internet, Inc. will use all reasonable tools to secure our web, email, and fully managed leased and co-located servers. However, the customer understands that keeping sensitive data on any Internet-connected appliance (i.e., a server) is inherently risky.

We do not allow unencrypted sensitive data to be stored on Internet-connected servers; i.e., all credit cards, social security numbers, and sensitive data must be encrypted when stored on BRI servers or transmitted across our networks.

BRI installs and maintains some, or all, of the security software below on our web, email and fully managed servers in order to prevent and detect security breaches.

The customer understands that this type of software may occasionally interfere with the normal operation of the client's software. BRI staff will work to modify security software that interferes with client applications. However, there may be cases where the security concerns of the BRI network are greater than the client's needs, and the client will have to modify their software, at their own expense, in order to comply with security.

Fully managed and BRI server security response: In the event of a security compromise, the fully managed server that has been compromised will be immediately removed from the BRI network and analyzed. If the security breach can be quickly removed and all security vulnerabilities quickly remedied, then BRI staff will do so and re-connect the server to the BRI network at no cost to client. Otherwise, the server's operating system will be restored prior to the server being placed on our network at no cost to client.

Web site and non-fully managed server response: In the event of a security compromise on a web site or non-managed server, the machine or site will be immediately removed from the BRI network. Any BRI analysis and/or restoral of services, at the client's request, will be billed at our normal rates.

PCI DSS Compliance: BRI does offer fully managed PCI DSS compliant services. However, unless the client has specifically requested and paid for PCI compliance services, BRI does not warrant or imply that any server or site that is hosted with BRI is PCI DSS compliant.