Statement About Our System Security
We insist on the best and most secure technologies in every category. Operating systems, programming languages, framework, app engine, encryption, authentication, authorization, serverware... there are many layers, and every layer is among the best security records in its field.
Our Security Certifications and Accreditations.Our systems, and your data, are protected with the exact same standards that Amazon.com and other major players like Google use for their own online assets.
All of our systems, and your data, are stored in cutting-edge data centers (aka "the cloud") which have successfully completed multiple SAS70 Type II audits, and as of September 30, 2011 publish a Service Organization Controls 1 (SOC 1) report, published under both the SSAE 16 and the ISAE 3402 professional standards.
In addition, our cloud has achieved ISO 27001 certification, has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS), and has received FISMA-Moderate Authority to Operate. We will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of our infrastructure and services.
Communication With Our System Is Always Through a Secure Sockets Layer (SSL)
In short, SSL is the standard method to safeguard communications between computers over the internet. The computers on each end are secured behind their respective 'firewalls' etc, but they need a way to send data to each other through those firewalls.SSL ensures that your machine can talk to ours privately using the latest standard of data encryption. Even if someone did manage to intercept an SSL data stream they couldn't understand anything inside it.SSL also ensures that the computers are connected to the precise machines that they intended to - that no other computer can sneak into the conversation or pretend to be one of ours.
FYI: You can confirm SSL is being used by noting that http:// in the URL is replaced with https://. Some current browsers now also color code the https text (in the address bar) to indicate how secure the channel is. Green is best. If ever the https is red (or has a strikethrough font) then the certificate may not have been verified or perhaps is out of date, but your conversation is still safely and fully encrypted.
We occasionally change or update graphics which can sometimes trigger minor warnings until have we finished securing them. Meanwhile our data and yours is always encrypted (especially related to your client list and meeting plans).
The Human Element
- Have their own unique login and password (see the Team Management tab).
Said another way, if anyone is using another's login to gain access to The Trusted Advisor Toolkit™, you have allowed potential security breeches.
- Keep passwords private.
- Change passwords periodically.
Password changes are easy; before logging in simply click "Forgot your Password?" to receive an email containing a password reset link.
- When you remove someone from your team, removing their login access is the only way you can be assured they no longer have access.
- If a former member of your team has other team members' login information, your system security is in jeopardy.
- Unlike what you see on TV; "hackers" don't 'crack' encryption, they 'crack' people. It's a form of identity theft.
- If they can obtain enough information to imitate you, they may be able to use that information to get enough security information from others to break into your system.
- Encourage your team not to advertise any common methods they use to select passwords etc (even with other team members around the "office water cooler").
- Be suspicious of anyone who initiates any contact requesting personal or sensitive information (such as login information).
- The Trusted Advisor Toolkit™ Security Team
Question: For compliance purposes and disclosure of outside business activities, what do you recommend I give our compliance attorney to define my Trusted Advisor work within the Toolkit?Compliance Department Contact Request [Full-access Members Only]