Security

PCI Compliance

We are a PCI Compliant provider, so you can be confident that all data security complies with industry standards.

Internet Security

All information transmitted is via 256-bit SSL encryption to provide industry leading protection to our clients while maintaining maximum performance.

REQUESTOR's Credentialing

All potential requestors of our system first go through a verification process by one of our trained, credentialing professionals. This process includes verifying physical location, business type, contact information and electronic print.
Only once this process is complete the requestor is permitted to search against data housed in our system.
In addition, every search request requires permissible purpose, your companies designated code, and the employees SSN before they are processed.
Our verification systems can also be configured to require a signed release by the employee before any employment/income information is released.

Data Protection

All potential PII that we house is protected through transparent database encryption to ensure the stored data is encrypted at all times.
Hosting Features: Primary servers/ storage are located in SSAE 16 SOC1 Type II and SOC 2 Type II facility in Atlanta, GA and secondary redundant servers in Portland, OR.
Both locations: Redundant UPS systems, Redundant HVAC, Fully documented SDLC, federal and local background checks required in addition to EEA acknowledgement, Redundant security features including 24/7/365 motion, video and electronic intrusion monitoring.

 

Data Upload

We currently support a wide range of encryption methods for our data upload, which include SSL/TLS, SSH with FIPS 140-2 (embedded RSA security module). All servers are proactively monitored for intrusion prevention, which includes audit reviews of all activity logs. Additionally, data uploading through SFTP protocols are restricted to a given scope of IPs (or single IP) designated by the client. Connections from unauthorized public IPs are not allowed.