ISB GLOBAL SERVICES, INC. has developed and currently maintains policies and procedures to ensure information security over five broad areas within our environment:
- Physical Security
- Electronic Security
- Communication Security
- Portable Electronic Storage Devices
Security is a high priority and attention is given to high publicity threats such as viruses, denial of service attacks, and other malicious activities over the Internet, as well as maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers, and other personal identifying information.
Access to confidential consumer information is limited to those who have a legitimate need to know the information. Those with a legitimate need to have consumer information are Vendors, Clients, Employees and Consumers.
Vendors, Clients, and Employees are vetted, only provided/granted access/information necessary to their legitimate needs and then contractually bound to keep all information confidential. Consumers are vetted before information is disclosed.
Employees are prohibited from “browsing” files or databases without a business justification and the prohibition is contractually bound. Moreover, we maintain records on each request for information and identify each user who requested information on a consumer.
ISB Global Services’ destruction of consumer information is in accordance with the Federal Trade Commission’s requirements that the information be unreadable upon disposal.
Access to our computer terminals, file cabinets, fax machines, trash bins, desktops, etc. are secure from unauthorized access. Our offices are securely locked and monitored by an alarm system. Authorized visitors to our facility are checked in and monitored.
Data Physical Security
The physical server machines are hosted at a state-of-the-art collocation facility that is staffed on-site 24/7 to provide an immediate response to any incident.
ISB Global Services maintains a secure network to safeguard consumer information from internal and external threats. Our backup data is maintained in an encrypted form.
Password-controlled access requires users to authenticate with a private login ID and password before accessing the system. Passwords must be reset at least every 90 days.
Clients are expected to guard their password carefully and not share it with or disclose it to anyone for any reason. Paper and electronic copies of reports must be carefully controlled to prevent the unauthorized distribution or disclosure of personally identifying applicant information.
Firewalls, Intrusions Detection and Filtering Routers
The servers are protected by firewalls, intrusion detection, and filtering routers that verify the source and destination of communications.
All transactions are performed in a secured environment. Supported web browsers automatically secure all consumer information communications transmitted via our network, using the Transport Layer Security (TLS) 1.2 protocol using 128-bit encryption. All data is encrypted as it travels between the client web browser and our servers. No Consumer Information is sent over the internet that is not encrypted or secured with a minimum of 128-bit SSL encryption. This includes the body of emails or attachments. Access by users over the Internet requires a confidential username and strong password. Other means of communication i.e., fax and mail have specialized procedures to ensure communication security.
Portable Electronic Storage Devices
The storage of any consumer information outside the premises on any portable electronic storage device or media is prohibited and contractually agreed to by employees with the exception of secure transport of backup materials to an approved, vetted storage facility.