Security

The Safe-Screen company tag line is Keeping You Safe™, and we take that seriously. These are but some of the security measures we take to keep our background check clients' and applicants' information secure.

Security is a high priority and an integral part of the operation of the Safe-Screen applicant screening system. Attention is given to threats such as viruses, denial of service attacks, and other malicious activities over the Internet, as well as to maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers, and other personally identifying information. Safe-Screen uses industry-leading technology to secure its operating environment, including client authentication (password-controlled access), Multi-Factor Authentication, data encryption, public-private key pairs, firewalls, intrusion detection, filtering routers, and data backups. Each component acts as a layer of protection to safeguard information from unauthorized users, deliberate malfeasance, and inadvertent loss.

The Safe-Screen ordering site maintains connections with users via TLS 1.0, AES with 128-bit encryption (High); RSA with 1024-bit exchange. All data is encrypted as it travels between the client web browser and the Safe-Screen servers and can only be decrypted with a public and private key pair, thus protecting against eavesdropping, server impersonation, and stream tampering.

Password-controlled access requires clients to authenticate through a private login ID and password before accessing the system. After authenticating to the system, sessions that remain inactive for a period of time expire, requiring the user to re-authenticate before continuing. Additionally, user accounts that remain unused for extended periods of time are automatically disabled. User passwords are protected in the system using sophisticated hashing schemes and should never be shared. Passwords must be reset at least every 90 days, differ from the previous three passwords, be at least 8 characters in length, and contain at least one letter and one digit.

Multi-Factor Authentication (MFA). There are three classes of factors in MFA: 1) Something a person knows, e.g., user-name and password; 2) Something a person has, e.g., digital certificate, token, or physical device; and 3) Something a person is, e.g., fingerprints or retina pattern. Safe-Screen currently requires authentication based on “what a person knows” (user-name and password), and provides an option for “what a person has” (IP address restrictions). IP address restrictions are not always practical, however, and can be time-consuming to manage. We now provide a more user-friendly means to restrict access based on an additional factor from the “what a person has” class: their SMS/text-enabled phone.

When logging into Safe-Screen from an unrecognized computer, the authorized user will receive, via SMS/text, an additional authentication token to enter along with the username and password. Once verified, that computer will be “registered” in Safe-Screen and the user will be able to log in from that computer with just the username and password for subsequent sessions. This registration process will be required every 30 days, as well as anytime the user logs in from an unregistered computer.

The Safe-Screen servers are protected by firewalls, intrusion detection, and filtering routers which verify the source and destination of communications. The routers and firewalls are configured to reject any unauthorized, suspicious, or disallowed traffic. Routers keep out traffic that does not emanate from either end of the secured session between the client and the server.

The physical server machines are hosted at a state-of-the-art colocation facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans. Door, glass, and motion events at the facility are digitally recorded and archived, as well as observed live by facility staff for any suspicious activity. Uninterruptible power supply (UPS) systems and diesel generators ensure electrical service to the facility. Multiple fiber providers provide Internet connectivity with diversified entry points into the facility. The cooling system incorporates redundant components, excess capacity, and high-efficiency technologies to maintain an optimal operating environment for the servers.

Database servers are configured with mirrored hard drives to provide real-time failover redundancy. Additionally, nightly backups of data are scheduled, with archives removed weekly to an offsite location for additional redundancy.

 

 

The servers hosting the Safe-Screen ordering site have achieved the Verizon Cybertrust Security Certification.

The Verizon Cybertrust Security Certification seal symbolizes that this organization’s security controls have been assessed and validated by an industry leader in information security.

Being Verizon Cybertrust Security Certified is a critical competitive differentiator, as it demonstrates to customers, partners, vendors and the public that information security is a top priority for this organization. The Verizon Cybertrust Security Certification also provides immediate credibility of this organization’s ongoing security management efforts.

The Verizon Cybertrust Security Certification provides a process for ongoing risk management and mitigation, and enables organizations to obtain a thorough yet practical level of security.

 

Payment Card Industry Data Security Standards validation, (PCI DSS) SecurityMetrics

SecurityMetrics PCI Certified

After review of our security policies, procedures, and regulations, and after conducting a scan of our system for vulnerabilities, SecurityMetrics, a third-party PCI security verifier, has found Safe-Screen to be compliant with the PCI DSS. Verification of meeting these rigorous data security standards ensures that our customers' sensitive credit card data is protected from compromise.

 

Verified Merchant, Authorize.net

Cage & Associates, Ltd./Safe-Screen is a verified merchant with the merchant account/credit card processing firm Authorize.net. The safety and security of our clients' sensitive credit card data is important to Safe-Screen.

 

SiteLock

website security

SiteLock is a leader in website security services for online businesses. Utilizing one of a kind technology developed by seasoned security and business veterans trained at Caltech, MIT, Wharton and Stanford, SiteLock’s patented 360-Degree scanning provides the ultimate protection while still being light enough to not affect your server or website performance.

Deep 360-Degree Scan; User Web Application Scan, Backdoor Vulnerability Scan, SQL Injections Scan, Cross Site Scripting (XSS)

Daily Reputation Management Scanning; Spam Verification Level, Malware Scanning

Daily Business Validation Scanning; Business Verification, Phone Number Verification

 

Electronic signature and document management.

 

In an effort to reduce the number of physical pieces of paper floating around and to increase the safety and security of sensitive information, Safe-Screen uses an electronic signature and document management system. Some of the security measures employed to secure these documents include:

Data Center Security, System Security, Operational Security, Application Security, Full 128-bit SSL encryption for all documents and data, Only e-signature system fully certified by Salesforce.com, Transaction Security, PDF documents encrypted and password protected, Signed documents verified by Adobe digital signatures.

The Electronic Signatures in Global and National Commerce Act (“E-Signature Act”) became effective in the US on October 1, 2000. Since then, online electronic signatures on commercial transactions and most other agreements have a legal status equivalent to a written signature.

US state law modeled on the Uniform Electronic Transactions Act (UETA) also provides a legal framework for electronic transactions. It gives e-signatures and records the same validity and enforceability as manual signatures and paper-based transactions. The UETA was adopted by the National Conference of Commissioners on Uniform State Laws (NCCUSL) in 1999.

The 1999/93/EC Directive on Electronic Signatures was signed in December 1999 to establish a common framework for electronic signatures, and was subsequently complemented by the Electronic Commerce Directive. All principal member states have since incorporated EU e-Signature guidelines into their national legislation.

The UK has adopted and implemented certain provisions of the EU’s Electronic Commerce Directive in the Electronic Communications Act 2000, which makes e-signatures legally admissible in the UK. The Consumer Credit Act of 1974 was amended in 2004 to further facilitate the electronic signing of credit agreements.

 

Secure Fax

Occasionally there is a need to send or receive a fax. Safe-Screen uses a secure fax service instead of a fax machine. While there are a variety of fax-to-email/computer-to-fax services, they are inherently not a secure method of transmission. Eliminating the fax machine allows for sending and receiving documents in electronic formats, directly from the systems we are operating in, saving time, paper, and ink and allowing for greater accuracy and security. We use a secure method that encrypts the data and that meets and exceeds the requirements for sending Protected Health Information (PHI) as required by the regulations of the Health Insurance Portability and Accountability Act (HIPAA).

Our secure fax number is 855-879-0909 and works like faxing from any fax machine.

 

        