Capitalwize, LLC understands that the confidentiality, integrity and availability of our customers’ information is vital and very important. To protect that key information, we use a multi-layered approach and constantly monitor and improve our application, systems and processes to quickly address potential security demands and challenges.
SECURE DATA CENTERS AND CONNECTIONS
Our data service is stored in dedicated spaces at top-tier data centers. These facilities provide a number of data protection and recovery services, including:
SECURE DATA TRANSMISSION AND SESSIONS
- Connection to the Capitalwize 360 environment via SSL 3.0/TLS 1.0, using global step-up certificates from Symantec (formerly VeriSign) and other trusted certificate authorities, ensuring users have a secure connection from their browsers to our service
- Individual user sessions identified and re-verified with each transaction, using a unique token created at login
GUARANTEED NETWORK PROTECTION
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts and reports
- A third-party service provider scans the network externally and alerts us of changes in baseline configuration
RELIABLE DISASTER RECOVERY AND DATA BACKUP PROTOCOLS
- Real-time replication to disk at each data center, and hourly data replication between the production data center and the disaster recovery center
- Data transmitted across encrypted links
- Data is backed up using EMC Data Domain on a weekly rotating schedule of incremental and full backups
- Backups are sent electronically over secure links to secure secondary data center for offsite storage
- Annual disaster recovery tests verify our projected recovery times and the integrity of the customer data
BUILDING ACCESS CONTROL AND PHYSICAL SECURITY PROTOCOLS
- 24-hour manned security, including foot patrols and perimeter inspections
- Video surveillance throughout facility and perimeter
- Biometric scanning for access
- Dedicated, concrete-walled data center rooms
- Computing equipment in access-controlled steel locked racks
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal
ENVIRONMENTAL CONTROLS
- Humidity and temperature control
- Redundant (N+1) cooling system
FIRE DETECTION AND SUPPRESSION
- VESDA (very early smoke detection apparatus)
- Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
PROTECTED POWER SOURCE AND BACKUP SYSTEMS
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-site diesel fuel storage
NETWORK CONNECTION RELIABILITY
- Redundant internal networks
- Network neutral, connecting to all major carriers and located near major Internet hubs
- High bandwidth capacity
INTERNAL AND THIRD-PARTY TESTING AND ASSESSMENT
In addition, eMoney Advisor regularly tests and monitors all systems, data and personnel for potential security risks:
STRICT INTERNAL MONITORING
- Information Security department tests all code for security vulnerabilities before release and continually monitors notifications and alerts from internal systems to identify and manage threats
PERSONNEL YOU CAN TRUST
- Comprehensive background checks conducted on all employees as a condition of employment
ANNUAL THIRD-PARTY ASSESSMENTS
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
Combined, our internal and external data and systems security protocols offer protection you and can trust.