RiskScreen Security Statement

This statement was last updated on 6th June 2018

At RiskScreen we’re committed to the security of our customers’ data and provide multiple layers of protection for the information you entrust to us.     These protective measures and our information security policies are reviewed regularly and updated as necessary to meet our business needs and changes in technology and regulatory requirements.

These policies and measures include:

  • controlled access – as a RiskScreen customer you have the flexibility to invite unlimited users into your account to collaborate on your screening needs, and the person that holds the subscription has control over who has access and what they are able to do.  We maintain administrative and technical controls to restrict our staff access to RiskScreen information

 

  • user authentication – we provide access to the RiskScreen software via a login and password (which, depending on the service utilised, require various levels of password complexity)

 

  • data encryption – we encrypt all data that goes between you and RiskScreen using industry-standard TLS (Transport Layer Security), protecting your personal and financial data. Your data is also encrypted when we transfer it between data centres for backup and replication

 

  • network protection –  we utilise multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. RiskScreen’s security services are configured, monitored and maintained according to industry best practice. Our public web infrastructure has been stress and penetration tested by an industry-leading security vendor to leverage their expertise and global threat intelligence to protect our systems

 

  • education and training – we ensure that our staff are aware of and comply with our policies, procedures and controls

 

  • strategic planning – we maintain a business continuity and disaster recovery strategy that applies to RiskScreen and which is designed to safeguard the continuity of access to, and security of, RiskScreen

 

  • physical security – access to locations of RiskScreen servers is strictly controlled

 

  • monitoring – we continuously monitor our security systems, event logs, notifications and alerts from all systems to identify and manage threats