Security
What Does Security Mean to Your Success?
Not understanding everything on this page is no crime. Yet, not having it in place could lead to one. Your clients are becoming more attuned to this reality and they're asking tough questions, especially in RFPs. With BackChecked as your platform, you'll have the right answers. So, what do you need to know?
1. SOC 2 Type 2 Certification
BackChecked is SOC 2 Type 2 certified. This means our software platform and operation have passed a rigorous audit against the AICPA Principles for Security, Confidentiality, and Availability. In other words, a qualified third party has confirmed that we manage your data in a secure manner.
Furthermore, we renew this certification every year. Your clients and the consumers they serve should expect no less.
2. The Servers and Application
The BackChecked application and your data reside on modern high-availability servers, protected by multi-level firewall and intrusion detection technology. Vendor-issued patches are tested, implemented and confirmed no less than weekly.
External and internal vulnerability scans are conducted on a regular basis by a PCI Approved Scanning Vendor. All Information Assets are protected by multiple layers of Anti-Virus software and continuously monitored by a Managed SIEM solution. Third-party penetration tests are conducted on a regular basis.
All data is encrypted at rest. All data transmission to and from the servers is encrypted via SSL Certificates featuring SHA-2 and 2048-bit encryption.
Full system backups are performed nightly. Incremental backups are performed on a continuous basis throughout the day. Full system backup copies are encrypted and moved to a geographically separate SOC 2 Type 2 certified data center on a daily basis. A formal Disaster Recovery process is in place and tested on a regular basis. This Disaster Recovery site is a SOC 2 Type 2 certified data center.
BackChecked employs a three-tiered development environment and follows strict Change Management procedures for both the application and system infrastructure. The company maintains and enforces comprehensive policies, including Information Security, Data Loss Prevention, Capacity Management, Patch Management and Vendor Management.
3. Access, Control and Change History
BackChecked fully supports the multi-factor authentication requirements of the three major credit bureaus and other providers of sensitive data. The system also enforces the use of strong passwords, login timeouts and password expiration. You control the frequency of each. You can also restrict login and/or specific access to credit data by IP address.
You can assign 20 unique user rights to each staff member and 6 unique rights to each client user, enabling an exact match of privilege and responsibility. When necessary, you can immediately deny access to any user without contacting BackChecked. You can also enable any of your client users to do the same within their own domain.
The system automatically logs all transaction activity by username, producing a Change History audit trail that is immediately available to you. So, you will always know who touched each record and exactly what that user did to it.
4. The Data Center
BackChecked servers are housed in a data center that is also SOC 2 Type 2 certified. Located in Phoenix, AZ, this facility is monitored by high-definition cameras and staffed by on-site security personnel 24 x 7. Phoenix is a location favored by global firms. Why? No floods. No ice storms. No earthquakes. No hurricanes.
Access to the server room requires a biometric scan. The servers are mounted in locked cabinets that contain only BackChecked equipment, and only BackChecked authorized personnel have access. Servers are further protected by redundant air conditioning, on-site backup generators and fire prevention systems. Redundant fiber connections from multiple broadband providers ensure continued availability of internet service.
To learn how these and other features can help to ease the task of achieving PBSA Accreditation, contact BackChecked today.