What Does Security Really Mean to Your Success?
Not understanding everything on this page is no crime. Yet, not having it in place could lead to one. Your clients are becoming more attuned to this reality and they're asking tough questions, especially in RFP's. With BackChecked, you'll have all the right answers. That's important.
The Data Center
BackChecked servers are housed in an SSAE16 SOC 2 Type 2 audited data center, located in Phoenix, AZ. The facility is monitored by high-definition cameras and staffed by on-site security personnel 24 x 7. Phoenix is a location favored by global firms. Why? No floods. No ice storms. No earthquakes. No hurricanes.
Access to the server room requires a biometric scan. The servers are mounted in locked cabinets that contain only BackChecked equipment and only BackChecked authorized personnel have access. Servers are further protected by redundant air conditioning, on-site back-up generators and fire prevention systems. Redundant fiber connections from multiple broadband providers ensure continued availability of internet service.
The Servers and Application
The BackChecked application and your data reside on modern high-availability servers, protected by multi-level firewall and intrusion detection technology.
External and Internal vulnerability scans are conducted on a regular basis by a PCI Approved Scanning Vendor. All Information Assets are protected by Anti-Virus software and continuously monitored by a Managed SIEM solution.
All data is encrypted at rest. All data transmission to and from the servers is encrypted via SSL Certificates featuring SHA-2 and 2048-bit encryption.
Full system backups are performed nightly. Incremental backups are performed on a continuous basis throughout the day. Backup system copies are encrypted and immediately moved to an equally secure facility on a daily basis. A formal Disaster Recovery process is in place and tested on a regular basis.
BackChecked employs a three-tiered development environment and follows strict Change Management procedures for both the application and system infrastructure. The company maintains and enforces comprehensive Information Security, Data Loss Prevention, Capacity Management, Patch Management and Vendor Management policies.
Access, Control and Change History
BackChecked fully supports the Multi-factor authentication requirements of the three major credit bureaus and other providers of sensitive data. The system also enforces the use of strong passwords, login timeouts and password expiration. You control the frequency of each. You can also restrict login and/or specific access to credit data by IP Address.
You can assign 20 unique user rights to each staff member and 6 unique rights to each client user, enabling an exact match of privilege and responsibility. When necessary, you can immediately deny access to any user without contacting BackChecked.
The system automatically logs all transaction activity by username, providing a complete Change History audit trail that is immediately available to you. So, you will always know who touched each record and exactly what that user did to it.
A Monitor User Activity function enables you to easily identify and deactivate users that should no longer have system access.
To learn how these and other features can help to ease the task of achieving PBSA Accreditation, contact BackChecked today.