Here at GOLDPoint, we take data security seriously. We understand that in this digital age, online security is at the forefront of everyone's mind. And we want all of our customers to feel confident and secure while using our software. Here are three ways that we ensure your data is safe with us.
Internal Audit Procedures
We want you to feel confident in knowing that your data is hosted on systems that are safe and compliant with up-to-date information security standards. Policies and procedures for keeping data safe and secure are put in place by the Security Committee, led by a full-time Chief Information Security Officer who reports directly to the Board of Directors. Employees receive regular security training and are required to review specific information security policies annually. They are required to acknowledge that they have read and will abide by those policies.
We also employ an internal audit team which is responsible for auditing compliance with the various policies and procedures associated with information security as defined in multiple government regulations and best practices for keeping data safe. They coordinate penetration and vulnerability testing as well as audit calculations within the application software itself. They report their findings to the Board of Directors.
External Audit Procedures
GOLDPoint also has regular external audits that are published to clients. Annual SOC 1 Type II and SOC 2 Type II audits are performed to ensure that we follow the controls we have put in place. These reports provide information on the internal controls and activities designed and implemented by GOLDPoint Systems intended to meet the applicable criteria for the Security, Availability, Processing Integrity and Confidentiality trust principles. These reports are published on the GOLDPoint Systems secure web site for use by clients and their auditors.
GOLDPoint also engages an external Qualified Security Assessor to perform a PCI-DSS audit each year. Since GOLDPoint regularly stores and transmits cardholder data, it must be sure that the data is safe and secure. A separate Cardholder Data Environment network segment is maintained to make sure the data is stored on hardware and software that is more "hardened" to keep it safe from attack. The Attestation of Compliance is also published on the GOLDPoint Systems secure web site for use by clients and their auditors.
As an additional safeguard, we are also audited regularly by government entities such as the FDIC, OCC, and the Utah Department of Financial Institutions.
Compliance and Vendor Management
GOLDPoint Systems also has a Chief Risk Officer who works with the Chief Information Security Officer to review contracts with new vendors as they sign up and to discuss certain security documents annually with vendors that have a high-risk rating. It is essential to make sure that our business partners are doing their part to keep our clients' data safe and secure.
The Chief Risk Officer oversees the annual disaster recovery test where clients can access their data at the backup site and ensure that they can connect and do business in case of an interruption at the primary GOLDPoint data center.
We also attend various conferences and webinars to keep up to date with changes in regulations and in the industry itself. Some of those are with the CDIA for credit reporting, AFSA for changes in the industry, and others.
With GOLDPoint Systems, you can have confidence that your data is accurate, safe, and secure.