Security, Confidentiality, and Availability Policy
Authentify is committed to providing high availability services and to maintaining the security of our systems and the confidentiality of information entrusted to us in the course of our business. We recognize the need for appropriate protection and management of all data you share with us. We require every employee to review our security and confidentiality policies and sign an acknowledgement recognizing their responsibility to act in accordance with those policies. We actively monitor all of our systems and services and take necessary and prudent actions when a potential problem is detected.
Internally, Authentify operates secure data networks that are not available to the public. A number of security controls are used to prevent unauthorized access and to secure employees' computers and their access to our internal networks.
Externally, the Authentify service may be accessed by our customers via the Internet. When transmitting information to Authentify via the Internet, data security is provided through the use of a security protocol called Secured Sockets Layer (SSL). SSL is an Internet security standard using data encryption and Web server authentication. Encryption strength is measured by the length of the key used to encrypt the data; that is, the longer the key, the more effective the encryption. Using the SSL protocol, data transmission between you and the Authentify server is capable of performing up to a 256-bit level of encryption. We employ additional controls such as customer authentication credentials.
Even though we strive to protect the information provided to Authentify, Authentify cannot guarantee the security of data transmitted over the Internet. As such, we cannot ensure or be held responsible for the security of any information you transmit to or receive from us via the Internet beyond our commitment to employ appropriate security protocols.
We have developed and maintain corporate security policies based on industry best practices and our own experience. The policy is explained to all new employees, and regularly reinforced with existing employees. We review our security policies on a regular basis, including our legal and regulatory requirements, and changes are made as necessary. The policies undergo review on an annual basis by the information technology department. These defined security policies detail access privileges, information collection needs, accountability, and other such matters. Documented system security objectives, policies, and standards are consistent with system security requirements defined in legal agreements we may have with our customers. Our policy documents are available for review by our customers upon request. These documents are not available to the general public for review.
Authentify will, in the normal course of its business, have access to certain customer information. All such information is deemed confidential by Authentify, and Authentify does not claim to own the data. We will not use such information for any purposes other than at the instruction of our customers and for our own internal business purposes such as billing procedures. Access to such information held by Authentify is limited to our employees, and any third-party subcontractors we may elect to use, and is provided only as necessary to perform the services our customers have requested of us.
Access to confidential data may need to be provided to appropriate parties (e.g., law enforcement officials) in response to subpoenas, court orders, or other manner of due process. Authentify is compelled to comply with applicable laws and regulations in such matters. Where possible, Authentify will notify the affected customer(s) of such actions.
Access to information designated as confidential will be restricted to only our employees with a need to know. We will not provide such information to third parties without our customer's prior permission. When we do provide information to third parties, we do so only at the instruction of our customer. If we have provided data to a third party at the instruction of a customer, we make no representation regarding the confidential treatment of such information by the third party. Should confidential information become public through your actions or actions of a third party, our responsibility to maintain confidentiality protection ceases. Unless otherwise stipulated in a specific customer contract, our confidentiality protection is for a period of two years, after which we will cease to provide protection.
Our services and the protection of confidential information are subject to third-party dispute resolution. Complaints should be submitted to one of the neutral, accredited dispute resolution service providers: eResolution, the National Arbitration Forum, WIPO (the World Intellectual Property Organization) or the CPR Institute for Dispute Resolution.
Our goal at Authentify is to provide uninterrupted service 24 hours per day, 7 days a week, 365 days a year. While system maintenance is inevitable, our service level agreements reflect up-time commitments of 99.9% or better. Authentify systems are located and operate out of multiple geographically-dispersed and load-balanced data centers. The systems within each data center are fault tolerant to accommodate component failures. The overall architecture is designed to handle full load without service degradation in the event of a complete failure of a single data center. Authentify will notify customers if scheduled maintenance will affect availability (customer SLAs contain specific notification policies and procedures). Up-time is calculated based upon a monthly accumulation of the number of minutes of downtime. We have developed and maintain a disaster recovery and business continuity plan. In the event of a disaster or other prolonged service interruption, we have a recovery plan that includes the use of alternative service sites to allow for business resumption within 24 hours.
Changes and Deviations
Our policies are regularly reviewed and modified as necessary and appropriate. Changes to our security, availability, and confidentiality policies will be posted on this page as appropriate. Authentify is not responsible for providing notice of such changes. Some Authentify customers have requirements that differ from the standard Authentify policies. Where Authentify has accommodated such deviations in policy, we ensure that such deviation will not reduce the level of security, confidentiality, and availability presented on this page.
Authentify has in place a means to allow customers to provide comments, complaints, or concerns regarding these policies. Any such comments regarding these policies can be sent to firstname.lastname@example.org. All comments must be accompanied by a name, postal address, email address and telephone number of the submitter. Should you believe that there has been a breach in the security, confidentiality or availability of our systems, please contact us immediately via email at email@example.com, or by phone at (866) 408-1688.
If you have any questions about our organization or the services we offer, please contact us at firstname.lastname@example.org.