Purpose

System security and data safeguarding are of the utmost importance to Credentrust Solutions, Inc. Our system is designed and managed to provide the necessary security. This document describes the policies and procedures in place to guard both the system and your data from unauthorized access as well as recovery if data is lost. If you have any questions concerning the security of your data, please contact our Security Administrator at security@credentrust.com.
No access to the system is available to a user until they are logged in and authenticated. All user sessions are maintained via SSL / HTTPS to ensure that all data passed between the browser client and Credentrust servers is encrypted during transmission both from and to the client. In addition to SSL encryption, the Credentrust system automatically encrypts sensitive data such as user passwords, social security numbers and credit card numbers prior to storage in the database. All source code is specifically designed and extensively tested by Credentrust to ensure data security.

Authenticated users are granted access only to the applications and functionality for which they have permission. All requests and actions are checked to verify that the user does in fact have permission for that particular application as well as the requested action at that time. All uploaded files are stored in a non-public directory and are not accessible via a direct URL. All requests to view or download these files must be authenticated by the Credentrust system.

Data Archival & Backup

To ensure that no customer data is lost, Credentrust performs daily backups of its database, uploaded files and source code. The backed-up files are then burned to CDs on a weekly basis, which are stored offsite rather than at Credentrust's office in Irvine, California.