Mercury Network Security
Security & Gramm-Leach-Bliley Act Compliance
At a la mode, we take the job of protecting your data and that of your customers very seriously. We have implemented systems and policies to ensure that your data is safe and compliant. SureDocs fully complies with the FTC regulations regarding the Gramm-Leach-Bliley Act. This document describes the areas affected and falling under the Act along with a description of how we safeguard data and maintain compliance.
Protection from unauthorized access during the report
upload process
Documents and data uploaded to our servers for delivery on Mercury Network are protected by a 128bit SSL connection to the web services that handle the receiving of documents from the XSites Mercury Network plugin.
Protection while recipients retrieve reports
In order to comply with the Safeguards and Privacy rules of the GLB Act, Mercury Network never sends any reports or data in e-mail messages. E-mail is only used to send notifications and instructions for retrieving to recipients. Reports are retrieved from Mercury Network across secure encrypted HTTPS web connections.
Protection from unauthorized access while in our custody
Once in our custody, electronic access to reports and data is restricted to key personnel who develop and maintain the systems. We implement a hardware firewall solution that prevents direct access to any of our servers from outside the building.
Physical access to the data is protected in our network operations center by multiple layers of security. Physical access from outside the building to the general offices is secured by electronic card access. Anyone without a security badge is not even able to enter the general offices. Once inside the general offices, access to the network center itself is again limited by card access to key personnel who maintain the systems. Logs are kept of all access to any door.
Protecting data from power failure and disaster
All reports and data sent on Mercury Network is hosted at a la mode's state of the art data center located in Oklahoma City, Oklahoma. In addition, a la mode also has two other offices in Orlando and Salt Lake City, as well as a leased backup data center which is also in Oklahoma. Each of the data centers houses at least one redundant system and boasts redundant power employing uninterruptible power supplies and generators capable of supplying them with power for an indefinite period of time. In the event of a disaster affecting the physical location of the Oklahoma City data center, a la mode is capable of becoming fully functional by employing a combination of the three alternate data centers.
Definitions
Gramm-Leach-Bliley
The Gramm-Leach Bliley (i.e., GLB) Act requires financial institutions to take steps to ensure the security and confidentiality of "customer" records such as names, addresses, phone numbers, bank and credit card account numbers, income and credit histories, and Social Security numbers. The GLB Act broadly defines "financial institution" as any institution engaging in the financial activities enumerated under the Bank Holding Company Act of 1956, including "making, acquiring, brokering, or servicing loans" and "collection agency" services. The GLB Act requires government agencies that regulate financial institutions to implement regulations to carry out the Act's financial privacy provisions. The regulations required all covered businesses to be in full compliance by July 1, 2001.
HTTPS
(Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol, developed by Netscape, built into browsers, that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is the use of Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.)
SSL: Secure Sockets Layer
.
Used by most commerce servers on the World Wide Web, this high-level security protocol protects the confidentiality and security of data while it is being transmitted through the Internet. Based on RSA Data Security's public-key cryptography, SSL is an open protocol that has been submitted to several industry groups as the industry security standard. Denoted by the letters HTTPS in the URL.