Security

What Security Means to Us

Not understanding everything on this page is no crime. Yet, not having it in place could lead to one. That’s more important today than ever before. So, here’s what you need to know about how we care for your data.

Security Certification

The software platform that we use to conduct background checks is SOC 2 Type 2 certified. This means it has passed a rigorous audit against the AICPA Principles for Security, Confidentiality, and Availability. In other words, a qualified third party has confirmed that your data is handled in a secure manner. This certification will be renewed every year.

The Data Center

The servers are housed in a data center that is also SOC 2 Type 2 certified. Located in Phoenix, AZ, this facility is monitored by high-definition cameras and staffed by on-site security personnel 24 x 7. Phoenix is a location favored by global firms. Why? No floods. No ice storms. No earthquakes. No hurricanes.

Access to the server room requires a biometric scan. The servers are mounted in locked cabinets, and only authorized personnel have access. Servers are further protected by redundant air conditioning, on-site backup generators and fire prevention systems. Redundant fiber connections from multiple broadband providers ensure continued availability of internet service.

The Servers and Software Application

The platform and your data reside on modern high-availability servers, protected by multi-level firewall and intrusion detection technology. Vendor-issued patches are tested, implemented and confirmed no less than weekly.

External and internal vulnerability scans are conducted on a regular basis by a PCI Approved Scanning Vendor. All information assets are protected by multiple layers of anti-virus software and continuously monitored by a managed SIEM solution. Third-party penetration tests are conducted on a regular basis.

All data is encrypted at rest. All data transmission to and from the servers is encrypted via SSL certificates featuring SHA-2 and 2048-bit encryption.

Full system backups are performed nightly. Incremental backups are performed on a continuous basis throughout the day. Full system backup copies are encrypted and moved to a geographically separate SOC 2 Type 2 certified data center on a daily basis. A formal Disaster Recovery process is in place and tested on a regular basis. Of course, the Disaster Recovery site is also SOC 2 Type 2 certified.

The platform provider employs a three-tiered development environment and follows strict Change Management procedures for both the application and system infrastructure. In addition, comprehensive security policies are in place and enforced, including those that apply to Information Security, Data Loss Prevention, Capacity Management, Patch Management and Vendor Management.

Access Control

The platform fully supports the multi-factor authentication required by providers of sensitive data. The system also enforces the use of strong passwords, login timeouts and password expiration. If needed, we can also restrict login access by IP address.

We can assign any combination of six unique rights to each of your users, enabling an exact match of privilege and responsibility. One of these user rights controls the ability to immediately deny access to any of your staff without contacting us.

The system automatically logs all transaction activity by username, producing a Change History audit trail. So, when you need to know, we can always report on who updated a record and exactly what was changed.