This Security Information was last updated on June 1, 2018
Uploaded on June 1, 2018
Payment Card Industry Data Security Standards (PCI DSS) apply to businesses that accept credit card payments and that process and transmit payment information. SignOnTheGo® follows the PCI DSS guidelines to safeguard the confidential information of all cardholders.
SignOnTheGo® has its own data security protocol for replication to maintain multiple document storage locations.
SignOnTheGo® has a robust disaster recovery plan to counter any irregularity with regard to our client’s data. A disaster recovery plan details exactly what steps we need to take in the case of an emergency. This includes procedures to preserve documents and document security.
SignOnTheGo® maintains all documents relating to its customers' stores for 7 years, or as required by the customer(s). Our internal retention policy is to maintain business records in accordance with legal requirements.
SignOnTheGo® also creates and maintains a detailed document history for all transactions processed. This history provides a complete trace of every action taken and who performed it. The document history is viewable within SignOnTheGo® or can be downloaded through the downloading feature. These transactions can also be validated through the SignOnTheGo® blockchain verification functionality.
SignOnTheGo® uses the SOC 2 methodology to ensure optimal security:
Data sent and received via the SignOnTheGo® platform is encrypted in transit with SSL (Secure Sockets Layer) using our state-of-the-art encryption technology. This is the same level of encryption used by leading banks and government agencies. Your documents are also stored encrypted at rest using AES 256-bit encryption. Each one is encrypted with a unique key. As an additional safeguard, each key is encrypted with a regularly rotated master key. This means that even if someone were able to bypass the physical security and access a hard drive, they still wouldn't be able to decrypt your data.
SignOnTheGo® is hosted in a state-of-the-art SAS70 Type II data center. Physical access is strictly controlled 365x24x7 by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access the data center floor.
SignOnTheGo® verification is the process of running transactions through one-way mathematical equations called hashes. When a new block is created, all of its transactions are hashed, producing a unique result. These results are verified by other nodes on the network, which re-run the same mathematical equations with the same inputs and confirm that the output matches exactly. If the output doesn't match, this signifies either an error or fraud, and the transaction will be ignored. This process works similarly for validating single transactions as well as validating new blocks.
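The recompute-and-compare check described above, as an added example that is not SignOnTheGo® code. SHA-256, the canonical JSON serialization, and all field names are assumptions, and the transactions are constructed sample data.

```python
import copy
import hashlib
import json

def tx_hash(tx):
    # Canonical JSON (sorted keys, fixed separators) so every node hashes identical bytes.
    data = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(data).hexdigest()

def block_hash(prev_hash, tx_hashes):
    # Binds the block to its predecessor and to the ordered transaction hashes.
    h = hashlib.sha256(bytes.fromhex(prev_hash))
    for th in tx_hashes:
        h.update(bytes.fromhex(th))
    return h.hexdigest()

def make_block(prev_hash, transactions):
    hashes = [tx_hash(tx) for tx in transactions]
    return {"prev_hash": prev_hash, "transactions": transactions,
            "tx_hashes": hashes, "block_hash": block_hash(prev_hash, hashes)}

def verify_block(block):
    """Re-run the hashes as a verifying node would.
    Returns (block_ok, indices of transactions whose recomputed hash differs)."""
    recomputed = [tx_hash(tx) for tx in block["transactions"]]
    bad = [i for i, (a, b) in enumerate(zip(recomputed, block["tx_hashes"])) if a != b]
    if len(recomputed) != len(block["tx_hashes"]):
        return False, bad
    ok = not bad and block_hash(block["prev_hash"], recomputed) == block["block_hash"]
    return ok, bad

# Constructed sample data (hypothetical field names, not the platform's schema).
GENESIS = "00" * 32
SAMPLE_TXS = [
    {"doc_id": "doc-001", "action": "signed", "actor": "alice@example.com"},
    {"doc_id": "doc-002", "action": "viewed", "actor": "bob@example.com"},
]

def demo():
    block = make_block(GENESIS, copy.deepcopy(SAMPLE_TXS))
    tampered = copy.deepcopy(block)
    tampered["transactions"][1]["action"] = "signed"  # altered after hashing
    return verify_block(block), verify_block(tampered)

if __name__ == "__main__":
    print(demo())
```

The per-transaction check pinpoints which record changed; the block hash still fails when someone rewrites a record and its stored transaction hash together.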
In the interest of EU residents, SignOnTheGo® guarantees full compliance with the General Data Protection Regulation (GDPR). This regulation applies strict conditions to how an organization collects, shares and manages user data. GDPR also extends the rights of customers, giving them greater control over their personal data.
For more information about SignOnTheGo® security, please contact us at: info@signonthego.us