RFPIO uses some of the most advanced technology for Internet security that is commercially available today.
Application and User Security
- SSL/TLS Encryption: All data in transit is encrypted using SSL/TLS.
- User Passwords: All user passwords are stored in the database only after being passed through a one-way hash-and-salt technique.
- Data Encryption: Certain sensitive user data is stored in encrypted format.
- Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
- Data Centers: Our servers are with Amazon's AWS and are hosted within the US. AWS infrastructure is housed in Amazon-controlled data centers. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access.
- Uptime: Continuous uptime monitoring, with immediate escalation to RFPIO staff for any downtime.
- Firewall: Firewall restrictions are in place to prevent illegal access.
- Patching: The latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.
Organizational & Administrative Security
- Training: We provide security and technology use training for employees.
- Access: Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.
- Audit Logging: We maintain and monitor audit logs on our services and systems.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if RFPIO learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any RFP data you download to your own computer away from prying eyes.