Safety & Security
To prevent someone from sniffing the data during transmission, all data (not just financial data) is encrypted. The firewall(s) are Linux GuardDog and GuideDog, which front-end IP Tables limiting open ports to only those we need.
The firewall forwards all web traffic to the application server (a separate server running Apache and Tomcat). The application runs in Tomcat, both Tomcat and the application are written in Java. Only the application server and a very small number of users coming in over a secure shell login (needed for maintenance) can access the data server (a separate server).
Internal users (within the organization) require a higher level of security because they have access to the data for many people. Therefore, security is enhanced by requiring that internal computers be authenticated against a list of known computers for that organization. External users (customers) can only access their information and that of their families.
The physical security of the South Carolina servers is provided by 24/7 monitoring of the offices both by a person physically located at the office and by an alarm system. Our servers are mirrored in Livonia, Michigan using the same operating procedures.
General guidelines eTrak-plus agrees to:
- Comply with Best Management Practices regarding municipal auditing, and with any Municipal Auditor requests and recommendations.
- Conduct all transactions with Secure Socket Layer (SSL) protocol and with a valid ―transaction security certificate‖ from Verisign, Thawte, GeoTrust, or GoDaddy… the current certificates are from GoDaddy.
- Hold all customer data completely confidential, providing only to the owning customer, parent/legal guardian, and authorized by the agency.
- Not to sell or provide any customer data to anyone except as directed in writing by the agency.
- Not infringe on anyone‘s patents, trademarks or other protected rights.
- eTrak-plus represents and warrants that the software and systems provided under this agreement shall function as represented and intended and are fit for the intended purpose.
Data Storage & Data Back-up
It is acknowledged that the personal data (contact information, payment information & records, services purchased) provided by the agency and their customers will be secured and managed from the eTrak-plus NOC, located at 1095 Playground Road, Charleston, SC (Corporate Office) in a secured room with separate key access.
eTrak-plus is 100% PCI Compliant