AUTOSCRIBE SECURITY POLICY
PURPOSE The Information Security policy is intended to define the controls used to safeguard and centralize information relating to Autoscribe's requirements for secure storage of sensitive and/or confidential information, with an emphasis on customer account data. No part of this policy is meant to conflict with existing federal, state or local laws or regulations. In the event of a conflict, the existing law will take precedence.
SCOPE This policy applies to the information security aspects of the PaymentVision portal. Similar policies are available for other Autoscribe hosted products.
DATA PROTECTION Where possible, all customer account data is encrypted prior to transmission outside of Autoscribe’s production network and before storage in flat files, temporary directories, databases and other forms. All encryption keys are securely stored in an encrypted form, and key-encryption information is stored separately from data-encryption information. Customer information that is transmitted for purposes of settlement and cannot be encrypted (e.g., ACH files), is transmitted only through a secure encrypted channel. After transmission, files or data are encrypted for storage or destroyed. Proven, standard encryption algorithms, such as DES, RSA, and IDEA, are used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. Asymmetric crypto-system keys must be of a length that yields equivalent strength. Autoscribe’s key length requirements are reviewed annually and upgraded as technology allows. The use of proprietary encryption algorithms is not allowed for any purpose, unless reviewed by qualified experts outside of the vendor in question and approved by the Network Operations team. Be aware that the export of encryption technologies is restricted by the U.S. Government. Residents of countries other than the United States should make themselves aware of the encryption technology laws of the country in which they reside.
INFORMATION STORAGE All customer account data stored on Autoscribe’s network is encrypted. All long-term storage methods, including, but not limited to database tables, files uploaded from clients, transaction logs, and history files are subject to these requirements. Customer account data is stored on Autoscribe’s network for only the length of time required by law or by Autoscribe’s individual business requirements. The production network is swept on a quarterly basis to ensure that no files are saved beyond the required retention period.
ACCESS No customer account data will be made available through unsecured Web sessions. HTTPS (SSL) security is required for all Web-based sessions that can view or transmit customer account data. When presenting account numbers during these sessions, all unnecessary digits are masked, leaving only the last four digits (in the case of a credit card number) visible to the user.
MEDIA STORAGE All customer account data on external media is encrypted and password-protected. Any media containing customer account data is labeled as Confidential, including media distributed to individuals and media removed from the production facility as part of an offsite backup plan. All media placed in or removed from the facility is logged. Any media transported to an offsite location is sent via secure courier or another traceable mechanism. All media is stored securely, and periodically inventoried to ensure that all media is accounted for. Any media that is destroyed is subjected to permanent data destruction techniques, such as a military-grade wipe program or degaussing, before it is permitted to leave the production facility.
COLLECTING AND USING YOUR PERSONAL DATA
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
USAGE DATA Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
INTRUSION DETECTION The possibility exists that unauthorized persons will gain access to Autoscribe’s network, despite our best efforts at preventing intrusions. All security logs on the network are reviewed at least daily, and any exceptions to routine traffic will be followed up. Logs and audit trails are retained for at least one year, online or offline.
MONITORING All access to the secure facility is monitored and logged by the data center provider. All access is monitored 24 hours a day through live and recorded closed circuit cameras.
PRIVACY To ensure the proper functioning of the network, staff may monitor network, data, and statistics. Anomalies are reported and investigated where deemed appropriate. Autoscribe retains the strictest of confidence and use all confidential information only in conjunction with the services it provides. Confidential information will not be disclosed to any Third Party that does not adhere to Autoscribe’s Confidentiality policies.
POLICY CONTACTS Questions regarding this policy should be addressed to:
Autoscribe Corporation
Attn: Network Operations Team
9711 Washingtonian Blvd.
Suite 440
Gaithersburg, MD 20878
(301) 987-0700
