Secure & Compliant

Introduction

The Cedalius Group, LLC has developed and maintains policies and procedures to ensure information security over five broad areas within our environment:

  • Confidentiality
  • Physical Security
  • Electronic Security
  • Communication Security
  • Portable Electronic Storage Devices

Security is a high priority, and attention is given to high-publicity threats such as viruses, denial of service attacks, and other malicious activities over the Internet, as well as to maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers, and other personal identifying information.

Confidentiality

Access to confidential consumer information is limited to those who have a legitimate need to know the information. Those with a legitimate need to have consumer information are Vendors, Clients, Employees and Consumers.

Vendors, Clients and Employees are vetted, granted only the access and information necessary to their legitimate needs, and then contractually bound to keep all information confidential. Consumers are vetted before information is disclosed.

Employees are contractually prohibited from “browsing” files or databases without a business justification. Moreover, we maintain records on each request for information and identify each user who requested information on a consumer.

The Cedalius Group’s destruction of consumer information is in accordance with the Federal Trade Commission’s requirements that the information be unreadable upon disposal.

Physical Security

Physical security is the protection of personnel, hardware, programs, networks, and data from physical circumstances and events that could cause serious losses or damage to an enterprise, agency, or institution. This includes protection from fire, natural disasters, burglary, theft, vandalism, and terrorism.

On-Site Security

Our computer terminals, file cabinets, fax machines, trash bins, desktops, etc. are secured against unauthorized access. Our offices are securely locked and monitored by an alarm system. Authorized visitors to our facility are checked in and monitored.

Data Physical Security

The physical server machines are hosted at a state-of-the-art colocation facility that is staffed on-site 24/7 to provide an immediate response to any incident.

Electronic Security

The Cedalius Group maintains a secure network to safeguard consumer information from internal and external threats. Our backup data is maintained in an encrypted form.

User Authentication

Password-controlled access requires users to authenticate with a private login ID and password before accessing the system. Passwords must be reset at least every 90 days.

Client Responsibility

Clients are expected to guard their password carefully and not share it with or disclose it to anyone for any reason. Paper and electronic copies of reports must be carefully controlled to prevent the unauthorized distribution or disclosure of personally identifying applicant information.

Firewalls, Intrusion Detection and Filtering Routers

The servers are protected by firewalls, intrusion detection, and filtering routers that verify the source and destination of communications.

Communication Security

All transactions are performed in a secured environment. Supported web browsers automatically secure all consumer information communications transmitted via our network, using the Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 protocol with 128-bit encryption. All data is encrypted as it travels between the client web browser and our servers. No Consumer Information is sent over the Internet that is not encrypted or secured with a minimum of 128-bit SSL encryption. This includes the body of emails or attachments. Access by users over the Internet requires a confidential user name and strong password. Other means of communication, such as fax and mail, have specialized procedures to ensure communication security.

Portable Electronic Storage Devices

The storage of any consumer information outside the premises on any portable electronic storage device or media is prohibited, and employees contractually agree to this prohibition, with the exception of secure transport of backup materials to an approved, vetted storage facility.