ScreeningOne respects the privacy interests of all clients, employees and consumers. We are committed to protecting all information provided to ScreeningOne. We follow industry best practices to safeguard personal information by securing our methods of data transmission and storage.
Security is among the highest priorities and is an integral part of our system. Attention is given to high-publicity threats such as viruses, denial of service attacks and other malicious activities over the Internet, as well as to maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers, and other personally identifying information. ScreeningOne's Information Technology team and our technology partners use industry-leading processes, technology and software to secure the system and its operating environment, including client authentication (password-controlled access), Secure Sockets Layer (SSL) protocol, 128-bit data encryption, public-private key pairs, firewalls, intrusion detection, filtering routers, and data backups. Each component acts as a layer of protection to safeguard information from unauthorized users, deliberate malfeasance, and inadvertent loss.
Client Authentication – All access to the system is authenticated by username/password and sensitive information is available only to key personnel. Under no circumstances do unauthorized persons have access to personal information. User IDs and passwords are deactivated immediately upon termination or change of job assignment. Password-controlled access requires clients to authenticate through a private login ID and password before entering the system. After authenticating to the system, sessions that remain inactive for a period of time are expired, requiring the client to re-authenticate before continuing. Passwords are protected in the system using sophisticated hashing schemes, are never shared, and are combined with a Secure Sockets Layer (SSL) protocol transport layer to protect against eavesdropping, server impersonation, and stream tampering.
Passwords must be reset at least every 60 days and must conform to the following best practices:
- Minimum 8 characters in length
- Mix of alpha, numeric and special characters
- No re-use of a user's past 4 passwords
- No automatic scripting of passwords
In addition, any devices/systems used to obtain information services are to be turned off and locked after normal business hours when unattended by key personnel.
IP Restrictions – System access can be further restricted at the group or user level by IP address or IP range. Any attempt to authenticate to the system from a client machine outside of the configured IP address or IP range will be rejected.
Encryption – All transactions are performed in a secured environment. All transmission via ScreeningOne's system uses the Secure Sockets Layer (SSL) protocol with 128-bit encryption. The data travels encrypted and can only be decrypted with a public and private key pair.
Firewalls, Intrusion Detection and Filtering Routers – ScreeningOne's servers are protected by firewalls, intrusion detection, and filtering routers which verify the source and destination of the request traveling in information packets. The routers and firewalls are configured to reject any unauthorized traffic. The system uses network devices that only allow permitted traffic through the devices. Routers keep out traffic that does not emanate from either end of the secured session.
Physical Security – The servers are hosted at a state-of-the-art facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans. Door, glass, and motion events at the facility are digitally recorded and archived, as well as observed live by facility staff for any suspicious activity. UPS systems and backup generators ensure electrical service to the facility. Multiple fiber providers provide Internet connectivity with diversified entry points into the facility. The cooling system incorporates redundant components, excess capacity, and high-efficiency technologies to maintain an optimal operating environment for the servers.
Personal Consumer Information – Personal information is processed only with the consumer's knowledge and authorization. Only information that is actually needed is collected and processed. Personal information is protected from unauthorized or accidental disclosure and is only seen by those persons who need it to perform their job to provide the products and services authorized by you. Personal information is retained only as long as is required by law.
Data Integrity – Servers are configured with mirrored hard drives to provide real-time failover redundancy. Additionally, nightly backups of data are scheduled, with archives removed weekly to an offsite location for additional redundancy.
Client (End User) Responsibility – Clients are expected to guard their password carefully and to not share it with or disclose it to anyone, for any reason. ScreeningOne staff will never ask clients for their passwords. Clients must also ensure the security of their ScreeningOne sessions by completely logging out of the system when finished and not leaving active sessions unattended. Paper and electronic copies of reports must be carefully controlled to prevent the unauthorized distribution or disclosure of personally identifying applicant information.
Clients entering into service with ScreeningOne are required to sign an agreement verifying permissible purpose and compliance with the law. In addition, as required by our agreement with the credit bureaus, ScreeningOne must arrange an on-site inspection of the premises for each client who will be ordering credit reports. As such, the client must allow a bureau-approved third-party vendor to conduct the inspection prior to requesting any credit reports from ScreeningOne.
A robust and secure system requires a multi-faceted solution with hardware, software, and education. Critical to the success of any secure system is the education of its user community and employees on the importance and sensitivity of information. Knowledge of why and how data is secured, and the permissible uses of all information, is essential in maintaining the integrity of the system and its contents.
As a consumer reporting agency, ScreeningOne falls under the regulations set forth in the Fair Credit Reporting Act (FCRA). We are subject to an annual security audit, which includes ensuring compliance with FCRA regulations.
Questions – Please contact: Jeff Briggs, General Counsel and Director of Compliance. JBriggs@ScreeningOne.com. Direct: (424) 201-1661.