Security

Security is of great concern to us and to our clients. At Vieth Consulting, we work very hard to ensure that your data is protected...
System Access

- Password-Protected Members Area - the heart of the MMS system is the member's area. All updates to your data are done through the member's area. Access to the member's area is limited to users with a username and password. After several minutes of inactivity (90 minutes in most cases), a user's session is 'timed-out'. The user then has to log in again.
- Password Reset - in the event that a user loses their password, they have the ability to reset it. This allows them to regain access without a password being sent in clear text via email.
- Access Log - we keep a record of who logs in and when, recording the IP addresses of each user's access.
- Change Log - in the critical parts of the MMS (members, events, billing), we also keep record-change logs, to track when a given piece of member/attendee/event information was changed.
- User Permissions - The MMS has a highly flexible way to grant access to users:
  - member-level: this is for general members. They have the ability to change their own information, and to view whatever information the association chooses to allow them to view.
  - admin-level: admins have full access to all areas of the system.
  - custom: member-level users can be granted specific permissions to specific areas, as designated by an admin user.
Sensitive Information

- PCI Compliant - PCI stands for Payment Card Industry, and is a continually evolving standard for credit card security. It applies to organizations and merchants that accept, transmit, or store cardholder data. Vieth Consulting is a PCI compliant service provider. We go through periodic security assessments and 3rd party testing to verify this compliance.
- Secure Sockets (SSL) - All credit card/bank account information is accepted under SSL encryption. This means that the pages where card information is entered all use https, and the user's browser would indicate this with a lock/key icon at the top.
- No storage of credit card information - we do not store cardholder data within our system. It is accepted at the time of purchase (member joining/renewing, event registration), but not stored. If you use our monthly-membership payment processing system, we use Authorize.net's Customer Information Module to store card information and process the monthly transactions.
Server Infrastructure

- Data Center - All hardware and services are located in a secure data center, located nearby in Lansing, MI.
  - Tier-1 Premium Bandwidth - featuring AT&T, Verizon, Sprint, Savvis and Level3.
  - 24/7 staffing.
  - Access limited to technical staff, motion-detecting cameras monitor the entire facility, external walls are reinforced poured concrete.
  - Multiple emergency generators waiting on standby.
  - SSAE-16 (formerly SAS70) Compliant.
- The Servers - All servers are kept up-to-date with the latest software versions, and all services are constantly monitored.
  - Penetration Tests - We have periodic 3rd party penetration tests to verify that our servers are secure.
Data Backups

- Nightly Backups - all of your data is backed up on a nightly basis (handled within the data center).
- Offsite Backup of member data - periodically, we back up the member database offsite (outside of the data center).
Privacy Policy