SECURITY TAKEN SERIOUSLY
System Security
Security is a top priority and played a very important part in the design and development of our online background screening system. We pay close attention to high publicity threats such as viruses, denial of service attacks and other malicious activities over the Internet as well as to maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers and other personal identifying information.
Our programming/IT team uses the best, leading technology to secure our website and the environment in which it operates. This includes client authentication (Password controlled access), encryption of data, public-private key pair, firewalls, intrusion detection, filtering routers and data backups. Each of these components acts as a layer of protection to safeguard information from unauthorized users, deliberate wrong doing and inadvertent loss.
User authentication
All access is password controlled and continually requires users to authenticate through a private login ID and passcode before access is granted. After a user is authenticated, sessions that remain inactive for a period of time will expire, requiring the user to re-authenticate before continuing their session. Additionally, user accounts that remain inactive for extended periods of time are automatically disabled. User Passcodes are protected in the system by using sophisticated hashing schemes and should never be shared with anyone. Passcodes must be reset at least every 90 days and must be different from the previous three passcodes. They need to be at least 8 characters in length and contain at least one each letter and digit. A passcode recovery feature is in place to allow a user to retrieve his or her login ID and or reset a forgotten passcode after answering several pre-configured security questions and a CAPTCHA.
IP Restrictions
System access can be further restricted at the client or user level by IP address(es). Any attempt to access our system from an IP address outside the authorized range is rejected.
Encryption
All transactions are performed in a secured environment. Access to our system requires use of HTTPS. Supported web browsers automatically secure the session communications using the Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 protocol using 128-bit encryption. All data is encrypted as it travels between the client web browser and the InstaScreen servers and can only be decrypted with a public and private key pair, thus protecting against eavesdropping, server impersonation, and stream tampering.
Firewalls, Intrusions Detection and Filtering Routers
The systems servers are protected by firewalls, intrusion detection, and filtering routers which verify the source and destination of communications. The firewalls and routers are configured to reject any unauthorized, suspicious, or disallowed traffic. Routers keep out traffic that does not emanate from either end of the secured session between the client and the server.
Physical Security
The physical server machines are hosted at a state-of-the-art collocation facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans. Door, glass, and motion events at the facility are digitally recorded and archived, as well as observed live by facility staff for any suspicious activity. UPS systems and a 500-kilowatt diesel generator ensure electrical service to the facility. Multiple fiber providers provide Internet connectivity with diversified entry points into the facility. The cooling system incorporates redundant components, excess capacity, and high-efficiency technologies to maintain an optimal operating environment for the servers.
Data Integrity
Database servers are configured with mirrored hard drives to provide real-time, fail over redundancy. Additionally, nightly backups of data are scheduled, with archives removed weekly to an offsite location for additionally redundancy.
Our Client’s Responsibility
Clients are expected to guard their password carefully and to not share it with or disclose it to anyone, for any reason. Our staff will never ask a client for their password. Clients must also ensure the security of their online sessions, completely logging out of the system when finished and not leaving active sessions unattended. Paper and electronic copies of reports must be carefully controlled to prevent the unauthorized distribution or disclosure of personally identifying applicant information.
A robust and secure system requires a multi-faceted solution with hardware, software, and education. Critical to the success of any secure system is the education of its user community and employees on the importance and sensitivity of information. Knowledge of why and how data is secured, and the permissible uses of all information, is essential in maintaining the integrity of the system and its contents.