Security Information

Physical Servers / Security

(not cloud based)

Our Director Access equipment is located Northern New Jersey. This facility provides 24-hour physical security; keyless security swipe card access for entrance and departure of the facility and datacenter (only authorized personnel have access to the datacenter), closed circuit television surveillance integrated with the alarm and access control system, silent alarm with automatic notification of appropriate law enforcement officials.

In addition to the aforementioned security features, the facilities provide backup power sources that will provide power indefinitely via a UPS to prevent power fluctuations and a diesel generator if the primary power source becomes unavailable. Also provided are early warning fire detection and suppression systems, redundant UPS, cooling systems, and humidity control.

Fully owned and operated data center and separate DR facility

We also own a secondary data center where we mirror all of our services in real time.

Perimeter Defense

The network perimeter is protected by redundant firewalls. All security products are carefully selected from industry-leading security providers. In addition, FIS monitors and analyzes firewall logs to proactively identify security threats. FIS also employs a security professional annually to test its defenses.

Complete Data Encryption

FIS leverages the strongest encryption products to protect customer data and communications. Furthermore, all confidential data is encrypted in a Microsoft SQL database./p>

Multi Factor and Out-of-Band Authentication

Multi Factor Authentication

An available option including both phishing protection and an out of band solution. Directors can be required to choose an image and a key phrase in order to ensure that this is the proper site they are logging into. You may also implement an out of band solution, requiring a code sent by either email or text message to be entered in order to complete login. IP recognition is also offered with this.

User Authentication

Users access the FIS network using proprietary security technology with a password, which is encrypted via SSL while in transmission. Users are prevented from choosing weak or obvious passwords.

Rotating Additional Question

We offer a rotating question in addition to the standard login. Upon creation of your Director Access site, the administrator would select 4 out of 15 questions from a list provided. When a user logs into the site, one of these four questions will appear. They must enter the answer to the question. Each user has their own set of confidential answers which they enter the first time they login. They have the ability to change these answers if necessary.

Data Backup Procedures

FIS backup schemes are based on a seven-day weekly schedule. A full backup is performed on Fridays, once a week. On all other days, incremental backup is performed. Full backups are kept for 1 month, while incremental backups are kept for two weeks. The last full backup of each month is kept for a full year. FIS utilizes a disk-based backup system that automatically replicates the backups to another FIS location approximately 100 miles away. Because the system involves fixed-disks, there is no moveable media to be lost or misplaced.

Reliability and Backup

All networking components, web servers, and application servers are configured in a redundant configuration. All customer data is automatically backed up to an off-site data vaulting facility on a daily basis. Disaster recovery plans are in place and are tested quarterly.

Disaster Recovery

If a disaster were to render the FIS production environment inoperable, failover procedures are in place to automatically route all customer data to the failover facility which is in a different geographic location. Disaster Recovery procedures are tested on a semi-annual basis.

Application Security

Pages are never cached, so if a Director or administrator logs out, the back feature in the browser will not allow previous page views to be seen.

Network Security Systems

Network security against DoS, DDoS and other types of attacks is implemented with enterprise level stateful firewalls. This allows packet inspection of all incoming data, which is then used to apply the firewall rule base to insure that unwanted traffic is rejected, and only appropriate formed requests to specific hosts are permitted.

More Security Features. . .

Complex Password

The system can enforce a complex password, which must be a minimum length of eight and include a special character. The user can change their password at any time.

Password Expiration

If your organization wants to force all users to change their password on a regular basis, you can select the number of days the password will expire. For example, you can have the password expire every 90 days.

Third-Party Security Review

FIS's Director Access product was subject to an in-depth third party security review before it was brought to market. All issues found were minor and corrected before the product came to market.

Operating System Security

FIS enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords. All operating systems and databases are maintained at each vendors recommended revision levels for security, and are further strengthened by FIS hardening procedures which disable and/or remove any unnecessary users, protocols, and processes

Server Management Security

All data entered into the FIS application by a customer is owned by that customer. FIS employees do not have direct access to the data, except when necessary for troubleshooting customer issues. We do not access unencrypted data for maintenance or monitoring under any circumstances.

Screened Employees

All FIS Engineers, Developers and Customer Service Agents are screened and have signed comprehensive, Confidentiality, and Security Agreements to protect clients and their valuable information. Background checks, conducted by a third-party security firm, are required on all new employees. Clients can be assured only the very best people are screened and employed at FIS.

Have questions? Contact us today to learn more

Schedule a personal demo
Contact us today!
Request a Demo
Copyright© 2017
FIS and/or its subsidiaries. All Rights Reserved.