SECURITY
Ascertain Screening and Investigations, LLC combines innovative technology with practical planning to defend against security threats to our customers' sensitive information. Our approach safeguards data retrieval, as well as application hosting and data storage. In order to provide our clients with secure access to their application, we have built a system with features that go far beyond password protection.
Multiple credentials required to gain access
Simply having a user-ID or a user-ID and password is not sufficient. In addition, we require our customers to maintain an active client ID. This provides us with another level of identification so that only authorized customers gain access to our system.
IP address restrictions
Clients have the option to register the IP addresses of all computers that will be used to access the system. This precaution provides yet another layer of client identification. Unauthorized IP addresses are not able to access our system.
Time restrictions
Client-specific (optional) time of day restrictions give access to our system during authorized hours only. Time restrictions help avoid after-hours attempts at intrusion and unauthorized employee access.
Limit user access by function
We have incorporated restrictions to user access within each of our applications - such as general user, manager, and administrator - to allow you to restrict an individual user's access to specific areas of the software. Each software module exists in total isolation which allows us to define a user's access based upon responsibilities. For example, it is possible to have an administrator for resetting user passwords, but restrict this user from access to consumer confidential information.
Automatic logout
Users who remain inactive are automatically disconnected from our system after pre-set time intervals configured by administrators. This prevents client-site security mishaps, such as when a user leaves for the day and someone else gains access through their terminal.
Data encryption
In addition to using 128-bit SSL for browser communication security, all sensitive data and consumer information are stored in an encrypted format within our database. Access to encrypted data requires Ascertain authorization. Furthermore, decryption by us requires two employees to input their respective passwords concurrently and follow strict written procedures. At this time, only two employees have passwords issued by our managed hosting site.
Data storage & application hosting security
Our dedicated servers are housed at Digex, a Tier 1 managed hosting provider with industry leading expertise and experience. Digex has achieved the SAS 70 Type II certification and the Security Assurance Group infrastructure certification (SAG certified). Digex employs a security team whose charter is to protect the integrity and confidentiality of our infrastructure, applications, and data.
Our internal attention to security matters is complemented by Digex' comprehensive security program, which includes:
24/7/365 monitoring
The Digex managed services team monitors the stability and performance of:
Environmental issues, including power, temperature and humidity;
Network connectivity to the Internet (i.e. Front End), and to our Credit Bureaus (i.e. Back End);
Hardware usage and failure, including CPU utilization, hard drive utilization, memory utilization, and equipment components (e.g. cards, drivers, memory, processors);
Software functioning, including web servers, application servers, database servers.
Comprehensive physical security
An on-site security staff safeguards the Digex hosting facility and all assets housed within.
Safeguards against natural disasters, hardware downtime and power interruptions
Digex servers are connected to two independent power networks including redundant power outlets and power distribution systems (i.e. uninterruptible power supplies, conditioners and distribution units) that are fed by two separate power grids and supplied by separate utility companies.
Digital certificate authentication
Our SSL certificates are guaranteed to be authentic by VeriSign, which provides customers with the confidence that they are interacting with our secure websites.
High availability architecture with mirrored data storage
In the event of an outage, Digex provides high N+1 redundancy to minimize downtime. Specific features include redundant load balancers, firewalls, application and database servers with redundant components.
Private connections to all credit bureaus
We have dedicated private connections to all credit bureaus to safeguard the transmission of data. In addition, multiple connections to our credit bureaus via separate carriers increase connectivity.
If you have any questions concerning our security policy, please contact us:
Ascertain Screening and Investigations, LLC
170 Mill Street, Suite 200
Gahanna, OH 43230
614.858.0100 phone
800.858.2901 toll-free
614.418.9617 fax