Security & Privacy

Overview

Introduction
Privacy Policy
SSAE Type 16 Compliance
PCI Data Security Standard
Trustwave: TrustKeeper
Physical Security
Transport Layer Security
Passwords and User Sessions
Database Security
Software Change Control
Monitoring
Firewall and Virus Protection
Data Reconciliation
Activation and Support
Conclusion

Introduction

At Fidesic Software, keeping our customers’ information secure and private is our highest priority. This document outlines some of the measures that we have taken to ensure privacy and security. Fidesic hosts a state-of-the-art internet application as an Application Service Provider (ASP). Fidesic has drawn expertise as an enterprise ASP from employees with experience from Microsoft, Bank of America, Wells Fargo, and the Federal Reserve. Protecting our customers requires constant vigilance and we consistently increase our security as new technologies become available.

Privacy Policy

Fidesic understands the importance of keeping your personal information secure. We only collect information that is necessary to provide the Fidesic services to you. Fidesic’s Privacy Statement is available online at https://app.fidesic.com/V2/#/PrivacyPolicy. This statement explains what information we collect, how we use it, and how we keep it secure. Fidesic reserves the right to amend or change this Privacy Statement at any time; the latest revision date will be displayed with the Statement on the Fidesic web site.

SSAE Type 16 Compliance

Fidesic Software takes privacy and Internet security very seriously, which is why we have adopted privacy standards to comply with modern security protocols. We utilize one of the largest, most secure data centers in the country, US-Signal, to meet the standards of the SSAE 16 report. Fidesic’s server infrastructure and physical access controls are guarded and locked down based on US-Signal standard protocols.

PCI Data Security Standard

Physical access controls are not the only level of security that we have implemented. We store all sensitive customer payment profiles off-site, vaulted in Authorize.Net’s Customer Information Manager (CIM), an encrypted secure server which complies with the Payment Card Industry Data Security Standard (PCI DSS). Fidesic Software’s compliance with the PCI Data Security Standard is achieved by storing sensitive payment data using CIM. These payment profiles are managed by Authorize.Net, a CyberSource solution (NASDAQ: CYBS) and the industry leader (and standard) in creating and storing secure credit card transactions between customers and their vendors.

Trustwave: TrustKeeper

To ensure your data is secure, we hire an expert to run intrusion detection reports and quarterly penetration tests. Similar penetration tests are performed on banks and other government organizations with strict security requirements. TrustKeeper is a certified remote assessment and compliance solution designed to help merchants meet the security standards of all credit card companies. TrustKeeper has been certified by Visa CISP/AIS, MasterCard SDP, American Express DSOP, Discover DISC, and all other credit card companies. TrustKeeper is an integrated solution which removes the challenge of navigating the different card company requirements and provides a "one stop shop" for merchants to achieve compliance and receive certification.

Physical Security

The Fidesic Internet Data Center is housed within an Azure secure data center. The servers are monitored by guards 24 hours a day. Access to the servers is restricted to authorized personnel identified by photo ID cards and biometric palm scans. Azure ensures continuity of power and internet access to the Fidesic servers. Fidesic has a second Internet Data Center ready for emergency use at all times.

Transport Layer Security

As an internet service, security of communication over the internet with our customers is critical. This security is provided by Transport Layer Security (TLS). TLS is the industry standard for ensuring secure internet commerce. A user can confirm that communications are being carried over TLS by a yellow lock displayed in the lower right corner of their browser. The user can review the Fidesic server certificate by clicking on the lock.

Passwords and User Sessions

Access to the Fidesic application is protected by user passwords. It is the users’ responsibility to keep these passwords secure and private. The passwords may be changed at any time, and users are encouraged to change their passwords often. Once logged in, a user must re-enter their password after 30 minutes. When accessing the service from within an accounting system, the user must enter their password to conduct each batch of transactions. User sessions are maintained with a tamper-proof cookie held in the user’s internet browser memory. A secure hash included in the cookie ensures that only the web server can specify which user is logged in.
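The mechanism described above (a session cookie whose hash only the web server can produce, plus the 30-minute re-authentication) can be illustrated with an HMAC-signed cookie. This is an added example, not Fidesic's own code; the secret value, the cookie layout and the function names are constructed for illustration.

```python
import hmac
import hashlib
from typing import Optional

# Constructed example secret. A real deployment loads this from a protected
# configuration store; anyone holding it can forge cookies.
SERVER_SECRET = b"example-secret-do-not-use-in-production"
SESSION_TIMEOUT_SECONDS = 30 * 60  # re-authentication after 30 minutes


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the cookie payload, keyed with the server secret."""
    return hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()


def issue_session_cookie(user_id: str, issued_at: int) -> str:
    """Build 'user_id:issued_at:tag'. Only a holder of SERVER_SECRET can
    produce a valid tag, so the browser cannot change who is logged in."""
    payload = f"{user_id}:{issued_at}".encode("utf-8")
    return payload.decode("utf-8") + ":" + _sign(payload)


def verify_session_cookie(cookie: str, now: int) -> Optional[str]:
    """Return the user id if the cookie is authentic and unexpired, else None."""
    try:
        user_id, issued_str, tag = cookie.rsplit(":", 2)
        issued_at = int(issued_str)
    except ValueError:
        return None  # malformed cookie
    payload = f"{user_id}:{issued_at}".encode("utf-8")
    # Constant-time comparison so the check leaks nothing through timing.
    if not hmac.compare_digest(_sign(payload), tag):
        return None  # tampered: user id or timestamp changed after signing
    if now < issued_at or now - issued_at > SESSION_TIMEOUT_SECONDS:
        return None  # expired: user must re-enter the password
    return user_id
```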

Database Security

Particularly sensitive customer information is encrypted when stored in the Fidesic database. All bank account numbers, credit card numbers, and social security numbers must be decrypted by the Fidesic application before they can be read. Passwords are stored as a one-way Secure Hash Algorithm (SHA) hash. Fidesic can validate that a correct password has been entered, but it is impossible for Fidesic to determine what a user’s password is. This ensures that only the user can enter their password into the Fidesic application. The Fidesic database is backed up every 15 minutes to a backup server. Access to our Microsoft SQL databases is restricted to our applications and administrators who are properly authenticated by Windows Server.
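The one-way password storage described above can be shown concretely: the stored record lets the application confirm a password without being able to recover it. This is an added example, not Fidesic's code; the page only states "SHA hash", so the per-user salt, the PBKDF2 iteration count and the record format here are assumptions (the standard way a SHA-based password hash is hardened).

```python
import base64
import hashlib
import hmac
import os

# Constructed example. The work factor is kept modest so the example runs
# quickly; production systems use a much higher count or a memory-hard KDF.
ITERATIONS = 100_000
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, salt: bytes = None) -> str:
    """Return 'scheme$iterations$salt$digest'. The digest is one-way:
    the password cannot be recovered from the stored record."""
    if salt is None:
        salt = os.urandom(16)  # per-user salt: identical passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join([
        SCHEME,
        str(ITERATIONS),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        scheme, iterations_str, salt_b64, digest_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        iterations = int(iterations_str)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:  # malformed record (base64 errors are ValueErrors too)
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)
```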

Software Change Control

All software deployed to the Fidesic service undergoes a rigorous software quality assurance process. Dedicated testers verify that the software protects the integrity and privacy of customer data. Fidesic has extensive systems for tracking and ensuring the resolution of all issues that are identified during the software development life cycle. Once software updates have been fully validated they are deployed to the Fidesic servers.

Monitoring

The Fidesic servers are monitored both internally and through an independent agency. Individual application components are monitored to ensure that all aspects of the system are available at all times. The Fidesic team is notified at the indication of an emerging issue so that corrective action can be taken.

Firewall and Virus Protection

All Fidesic servers run virus protection software. Virus definition files are updated immediately and all operating system patches are applied as they become available. All of the Fidesic servers are behind a Cisco firewall that is monitored and maintained by both Fidesic and Savvis.

Data Reconciliation

All activity in the Fidesic clearing account is verified by detailed reconciliation between bank statements and the Fidesic database. Fidesic staff ensures that every transaction expected actually occurred on the correct date and that all transactions through the clearing account are accounted for. Detailed transaction information is available to customers online so they can reconcile their own accounts.

Activation and Support

All customers are assigned a dedicated activation manager to ensure that the application is configured to meet their business needs. Activation includes examining existing customer processes in depth, assisting with the installation of any client software, verifying correct installation, and any training that may be necessary. Once customers are fully activated, responsibility for support transitions to the Fidesic support staff. If customers have any questions or concerns about the application, Fidesic is available by telephone or email to address them. At any time, customers are free to contact their activation manager or customer account manager for additional support.

Conclusion

This is meant as an overview of some of the provisions that Fidesic has taken to ensure data security and privacy. If you have any additional questions or would like a more in-depth discussion about security and privacy, please contact Fidesic at (866) 439-5884.

Electronic archive

The Fidesic advantage – we will keep an electronic copy of all invoices sent – in PDF format – which are accessible at any time and any place you can access the web. No more printing and keeping paper copies of invoices sent – we are your electronic archive for more cost effective storage.