Data Security
=============

Your data is very important to you and to us. We take very seriously our responsibility to give you secure, convenient, fast and reliable access to your database. This document discusses the measures we have implemented to provide that.

Security Architecture
---------------------

System resources are protected against unauthorized access. Access controls help prevent potential system abuse, theft or unauthorized removal of data, misuse of software, and improper alteration or disclosure of information.

Our security infrastructure is implemented at several levels:

Network and Web Application Firewalls
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

These include:

* Internal and intranet firewalls
* Web application firewalls (WAF)
* Extranet access only through approved channels

Encryption Using the Latest Standards
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Communications between our servers (where your data resides) and clients or secondary services are encrypted.

* User access to your database requires an encrypted connection, enforced by HSTS and Upgrade-Insecure-Requests content security policies.
* Communication between our servers and secondary services, such as payment gateways, uses TLS 1.2 only.

Role-based Data Access
^^^^^^^^^^^^^^^^^^^^^^^^

Access to data is determined by roles that are assigned to users only by a church admin or by TouchPoint Support. You control who has access to view or modify, for example, financial information or membership data.

Minimal Privilege Allowance
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Our policy is to grant access to data only when necessary, and we encourage our partner churches to follow the same policy.

Two-factor Authentication (2FA)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Two-factor authentication is available to enhance the security of account logins to your database. You can read full information in the help article :doc:`TwoFactorAuthentication`. Features include:

* Church policy can require 2FA for all accounts that have a specified role.
* It is implemented with the industry-standard time-based one-time password protocol (TOTP).
* A unique key is used for each partner church.
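As an added illustration (not TouchPoint's own code), the following shows how a server verifies a TOTP code against a per-tenant key as the 2FA section describes, with a small clock-skew window, a constant-time comparison, and single-use enforcement so an intercepted code cannot be replayed. The tenant name, user name and secret are constructed test values (the secret is the RFC 6238 reference key).

```python
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

# Constructed per-tenant keys: one unique secret per partner church (hypothetical tenant name;
# the secret is the RFC 4226/6238 reference test key, not a real key).
TENANT_SECRETS: Dict[str, bytes] = {"example-church": b"12345678901234567890"}

# Last accepted time step per tenant/user, so each code is accepted only once (RFC 6238 sec. 5.2).
_last_accepted: Dict[str, int] = {}

STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals since the Unix epoch."""
    return hotp(secret, at // step, digits)


def verify_totp(tenant: str, user: str, submitted: str,
                at: Optional[int] = None, window: int = 1) -> bool:
    """Accept `submitted` if it matches the tenant key for the current step or +/- `window`
    steps (clock skew), has not been used before, and compares in constant time."""
    secret = TENANT_SECRETS.get(tenant)
    if secret is None or len(submitted) != DIGITS or not submitted.isdigit():
        return False
    now = int(time.time()) if at is None else at
    step_now = now // STEP_SECONDS
    key = f"{tenant}:{user}"
    for delta in range(-window, window + 1):
        counter = step_now + delta
        if counter <= _last_accepted.get(key, -1):
            continue  # this step (or an earlier one) already produced an accepted code: replay
        if hmac.compare_digest(hotp(secret, counter), submitted):
            _last_accepted[key] = counter
            return True
    return False
```

Rejecting any step at or before the last accepted one is what stops a captured code from being reused within its 30-second validity window.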
Intrusion Detection
^^^^^^^^^^^^^^^^^^^^^

Our Web Application Firewall implementation detects intrusion attempts and other security events and alerts system administrators so the appropriate response can be taken.

Automatic Attack Mitigation for Common Attack Vectors
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

These common attack vectors include:

* Denial of service (DoS)
* Man-in-the-middle attacks
* Brute force attacks

Data Segregation and Protection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

To ensure data security and integrity, your data is segregated from the data belonging to all our other partner churches.

* Customer databases are segregated -- that is, your data is stored in a database entirely distinct from the databases of other partner churches.
* Data is stored with encryption at rest (i.e., it is stored encrypted on the disk). Combined with the encryption in transit described above, this means your data is always encrypted.
* Account-level isolation limits access to one database.

Redundancy
^^^^^^^^^^^^

Redundancy is designed into our service -- from copies of your data at multiple sites to multiple servers delivering your data.

* Automatic failover systems -- for example, if one web server goes down, other servers automatically take its place.
* Backups stored offsite (see below for more information about Backups)
* Secondary systems for disaster recovery

Confidentiality
^^^^^^^^^^^^^^^^^

Data is considered confidential if its access and disclosure are restricted to a specified set of persons or Involvements. Examples may include data intended only for company personnel, personal details, and sensitive financial information. Encryption controls are essential to protecting the confidentiality of customer data during transmission. Network and application firewalls, together with rigorous access controls, are used to safeguard information being processed or stored on our systems.

Privacy
^^^^^^^^^

TouchPoint systems are audited and maintained for the safe collection, use, retention, disclosure and disposal of personal information in conformity with our privacy policy, U.S. federal and local government statutes, as well as with criteria set forth in the OWASP generally accepted privacy principles (GAPP).

Personally identifiable information (PII) refers to details that can distinguish an individual (e.g., name, address, Social Security number). Some personal health and identity data is also considered sensitive and generally receives an extra level of protection. Controls are implemented in TouchPoint to protect all PII from unauthorized access.

PCI Level 2 Compliance
^^^^^^^^^^^^^^^^^^^^^^^^

While payment information transits our systems, we do not store any sensitive information. Our compliance includes the following:

* Firewalls are configured and maintained for all our infrastructure
* System passwords are original (not vendor-supplied)
* Transmissions of cardholder data across public networks are always encrypted
* Anti-virus software is used and regularly updated
* Secure systems and applications development standards are maintained
* Cardholder data access is restricted on a need-to-know basis
* Every person with access is assigned a unique ID
* Physical access to cardholder data is restricted
* Network monitoring and testing policies are in place to ensure compliance

Backups
^^^^^^^^^

* We back up your data nightly and preserve backups on a rolling daily, weekly, and monthly basis for up to two years.
* Our cloud servers have redundant secured storage at Rackspace and Azure.
* Your church owns your data and can have a copy upon request.

.. seealso:: :doc:`DatabaseBackups`

+--------------------+------------------+
| **Latest Update**  | **2/2/2022**     |
+--------------------+------------------+

.. Add link to Nightly Database Backups article