HOW DOES IMPACT SAVINGS KEEP MY DATA SECURE?
Impact Savings takes data privacy and security very seriously. We employ industry best practice including bank level encryption technology and firewalls to protect your data.
Impact Savings is a McAfee Secure Site. McAfee constantly test it to ensure it is free of malware, viruses, phishing attacks, and more.
Protecting Customer Data
Our systems are hosted on Amazon AWS infrastructure. Impact Savings is deployed using Amazon Web Services (AWS), enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the AWS network.
A variety of environmental controls are implemented at our AWS hosted data centre facilities.
• Servers are locked inside the infrastructure in a designated area.
• The server area is cooled by a separate air conditioning system, which keeps the climate at the desired temperature to prevent service outage.
• The facilities are protected by a fire suppression system, which protects the computing equipment and has built-in fire, water, and smoke detectors.
• The facilities have on-site generators, which serve as an alternative power source.
• There is 24-hour video surveillance of all entrances and exits, lobbies, and ancillary rooms. The videos are recorded and monitored, and retained.
SSAE16 and SOC1
Amazon’s data centers have a SSAE16 SOC1 service auditor’s report as the result of an in depth audit of the centers’ control objectives and control activities, including controls over information technology and all other related processes. Please visit the following links: https://aws.amazon.com/compliance, https://aws.amazon.com/security
Customer data is stored only in the production environment. All logs of connections to our production environment are saved and archived. Information in your account is encrypted and delivered on a per-user-access controlled basis.
Firewalls: Applications in the hosting and cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. The firewalls are configured to serve as perimeter firewalls to block ports and protocols.
DDoS mitigation: All application access, including direct application access and API access, are protected by a dedicated DDoS mitigation service to ensure high availability at all times, as well as prevent attacks and malicious activities.
Our systems are designed to ensure data is protected at all times. This includes customer data in transit and at rest. User account passwords are hashed and salted with a modern hash function.
We know your data is private and confidential. We have strict controls to ensure that your data is never seen by anyone who should not see it.
Secure Software Design
Any new feature or code that will be implemented into our system starts with an analysis of security and privacy risks. All code is saved into a version control repository and evaluated in both test and user acceptance environments before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality
We consistently back up the data of our customers. Data is backed up on a daily basis. Backups are encrypted and retained for 25 days.