Security
As is appropriate for the nature of PII collected and stored by Medallion, the eSETTLEMENT Platform has industry standard security measures or safeguards in place to protect against the loss, misuse, and alteration of the PII under Medallion's control. Some of Medallion's current measures are noted below.
Physical Security
- ISO 17799-based policies and procedures, reviewed on a periodic basis as part of our hosting provider’s SAS70 II audit process.
- Hosting Environment is regularly monitored 24x7 (subject to maintenance).
- Data Center access limited only to data center technicians.
- Biometric scanning for controlled data center access.
- Security camera monitoring at all centers where Medallion data will be housed.
- 24x7 on-site security to protect against unauthorized entry; facilities are unmarked to maintain a low profile. Physical security is audited by an independent firm.
Network / System Security
Network Security
- Firewall. All Medallion hosts are protected by a dedicated Cisco ASA or superior firewall.
System Security
- Managed by Medallion's hosting providers' security engineers 24x7 (subject to maintenance)
- System installation using hardened, patched OS
- System patching configured to provide ongoing protection from exploits
- Offsite backups are encrypted
Application Security
- Data is validated to provide protection from outside exploits.
- Java EE Security Practices
- Use random generation of initial passwords.
- All passwords encrypted during transmission and while in storage.
- Audit Trail. User access to the platform (Login/Logout/Failed Login), Password changes, Upload, View, Download and Deletion of Documents, and User activities.
- Quarterly intrusion test and security assessment
Operational Security
- Relevant employees are trained on documented information security and privacy procedures
- Access to confidential information restricted to authorized personnel only, according to documented process
- Systems access logged and tracked for auditing purposes
- Secure document-destruction policies for all sensitive information
- Documented change-management procedures
- Independently audited disaster recovery and business continuity plans in place for hosting environment and support services.
- Secure media handling and destruction procedures for all customer data.
Although Medallion has endeavored to make any information entered into the eSETTLEMENT Platform secure and reliable, the retention or confidentiality of any PII cannot be assured. Accordingly, the information set forth in this policy statement is not a guarantee of any kind with respect to the storage or the prevention of any unauthorized use of or access to any PII stored by Medallion.
Medallion reserves the right to change this Storage & Security Policy at any time. If Medallion makes changes to this Storage & Security Policy, Medallion will post those changes at this location and provide notice of any material changes. Please review this Storage & Security Policy on a periodic basis.