Information Security Policy.
Vertical Identity has developed and maintains policies and procedures to insure information security over five broad areas within our environment:
The following is an overview of our information security principles and areas of emphasis. Each of the following broad areas has multiple, detailed procedures for insuring the information security.
Information Policy Fundamentals:
Access to confidential consumer information is limited to those who have a legitimate need to know the information. Those with a legitimate need to have consumer information are Vendors, Clients, Employees and Consumers.
Vendors, Clients and Employees are vetted, only provided/granted access/information necessary to their legitimate needs and then contractually bound to keep all information confidential. Consumers are vetted before information is disclosed.
Employees are prohibited from “browsing” files or databases without a business justification and the prohibition is contractually bound.
We maintain records on each request for information and identify each user who requested information on a consumer.
Destruction of consumer information follows the Federal Trade Commission’s requirements that the information be unreadable upon disposal.
● Physical Security
Access to our computer terminals, file cabinets, fax machines, trash bins, desktops, etc. are secure from unauthorized access. Our offices are securely locked and monitored by an alarm system. Authorized visitors to our facility are checked in and monitored.
● Electronic Security
We maintain a secure network to safeguard consumer information from internal and external threat. Our backup data is maintained in an encrypted form. Access by users over the internet requires a confidential user name and strong password.
● Communication Security
All Consumer Information transmitted using our computer network, including email, is secured using a minimum of 128-bit SSL encryption. No Consumer Information is sent over the internet that is not encrypted or secured with a minimum of 128-bit SSL encryption. This includes the body of emails or attachments. Access by users over the internet requires a confidential user name and strong password. Other means of communication i.e., fax and mail have specialized procedures to insure communication security.
● Portable Electronic Storage Devices
The storage of any consumer information outside the premises on any portable electronic storage device or media is prohibited and contractually agreed to by employees with the exception of secure transport of backup materials to approved, vetted storage facility.