Our Director Access equipment is located Northern New Jersey. This facility provides 24-hour physical security; keyless security swipe card access for entrance and departure of the facility and datacenter (only authorized personnel have access to the datacenter), closed circuit television surveillance integrated with the alarm and access control system, silent alarm with automatic notification of appropriate law enforcement officials.
In addition to the aforementioned security features, the facilities provide backup power sources that will provide power indefinitely via a UPS to prevent power fluctuations and a diesel generator if the primary power source becomes unavailable. Also provided are early warning fire detection and suppression systems, redundant UPS, cooling systems, and humidity control.
We also own a secondary data center where we mirror all of our services in real time.
The network perimeter is protected by redundant firewalls. All security products are carefully selected from industry-leading security providers. In addition, FIS monitors and analyzes firewall logs to proactively identify security threats. FIS also employs a security professional annually to test its defenses.
FIS leverages the strongest encryption products to protect customer data and communications. Furthermore, all confidential data is encrypted in a Microsoft SQL database./p>
An available option including both phishing protection and an out of band solution. Directors can be required to choose an image and a key phrase in order to ensure that this is the proper site they are logging into. You may also implement an out of band solution, requiring a code sent by either email or text message to be entered in order to complete login. IP recognition is also offered with this.
Users access the FIS network using proprietary security technology with a password, which is encrypted via SSL while in transmission. Users are prevented from choosing weak or obvious passwords.
We offer a rotating question in addition to the standard login. Upon creation of your Director Access site, the administrator would select 4 out of 15 questions from a list provided. When a user logs into the site, one of these four questions will appear. They must enter the answer to the question. Each user has their own set of confidential answers which they enter the first time they login. They have the ability to change these answers if necessary.
FIS backup schemes are based on a seven-day weekly schedule. A full backup is performed on Fridays, once a week. On all other days, incremental backup is performed. Full backups are kept for 1 month, while incremental backups are kept for two weeks. The last full backup of each month is kept for a full year. FIS utilizes a disk-based backup system that automatically replicates the backups to another FIS location approximately 100 miles away. Because the system involves fixed-disks, there is no moveable media to be lost or misplaced.
All networking components, web servers, and application servers are configured in a redundant configuration. All customer data is automatically backed up to an off-site data vaulting facility on a daily basis. Disaster recovery plans are in place and are tested quarterly.
If a disaster were to render the FIS production environment inoperable, failover procedures are in place to automatically route all customer data to the failover facility which is in a different geographic location. Disaster Recovery procedures are tested on a semi-annual basis.
Pages are never cached, so if a Director or administrator logs out, the back feature in the browser will not allow previous page views to be seen.
Network security against DoS, DDoS and other types of attacks is implemented with enterprise level stateful firewalls. This allows packet inspection of all incoming data, which is then used to apply the firewall rule base to insure that unwanted traffic is rejected, and only appropriate formed requests to specific hosts are permitted.
The system can enforce a complex password, which must be a minimum length of eight and include a special character. The user can change their password at any time.
If your organization wants to force all users to change their password on a regular basis, you can select the number of days the password will expire. For example, you can have the password expire every 90 days.
FIS's Director Access product was subject to an in-depth third party security review before it was brought to market. All issues found were minor and corrected before the product came to market.
FIS enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords. All operating systems and databases are maintained at each vendors recommended revision levels for security, and are further strengthened by FIS hardening procedures which disable and/or remove any unnecessary users, protocols, and processes
All data entered into the FIS application by a customer is owned by that customer. FIS employees do not have direct access to the data, except when necessary for troubleshooting customer issues. We do not access unencrypted data for maintenance or monitoring under any circumstances.
All FIS Engineers, Developers and Customer Service Agents are screened and have signed comprehensive, Confidentiality, and Security Agreements to protect clients and their valuable information. Background checks, conducted by a third-party security firm, are required on all new employees. Clients can be assured only the very best people are screened and employed at FIS.