Data Security
GivingTrax is committed to keeping your data protected in a global digital world that presents complex security risks and threats. For that reason, GivingTrax servers run on Google Cloud, one of the three most secure infrastructures available.
At GivingTrax, security is integral to our products, our business processes, and infrastructure. GivingTrax employes advanced services and technology for data security, privacy protection, fraud prevention, and a proven method for ongoing management of and updates to this infrastructure. Rest assured, your data and that of your employees is safe with GivingTrax.
Data Encryption in Transit
All data sent and received from GivingTrax is encrypted in transit using multiple layers of security including HTTPS and Transport Layer Security.
Data Encryption at Rest
Along with encrypting data in transit, GivingTrax further ensures it remains encrypted at all times. This means that data stored on servers remains encrypted at the highest level of cryptographic security available. Several layers of encryption are in use to protect data. This includes distributed file system encryption and database and file storage encryption for all user data, and storage device encryption is in place for all data. Data remains encrypted on backup media.
For detailed documentation on the encryption layers in use, please refer to: https://cloud.google.com/docs/security/encryption/default-encryption
Detect & Protect Against Threats
End-to-end encryption including encryption at rest has the following benefits:
- Helps to ensure that if data falls into an attacker’s hands, the attacker cannot read the data. Even if attackers obtain the storage devices that contain customer data, they won’t be able to understand it or decrypt it.
- Provides an important privacy mechanism for customers. When data is encrypted at rest, it limits the access that systems and engineers have to the data.
Additionally, GivingTrax utilizes the method of “least privilege”, “need to know”, and “segregation of duties” in our access policies and procedures further protecting customer data.
Protection Against Fraud
GivingTrax offers multi-authentication to make sure your account is safe guarded. This means we check the authenticity of your account access by sending a code to the registered mobile phone. Additionally, safeguards are in place to ensure a real person is logging into the account.
Additional measures against fraud are in place to prevent impersonation of organizations on the GivingTrax platform. Individuals registering an organization must provide verification they authorized to do so.
Security Training
All GivingTrax employees undergo security and privacy training as part of the onboarding process. Additionally, annual ongoing security and privacy training is in place for our team.
Incident Response Policy & Process
The following describes a high-level overview of the incident response steps currently in place:
- Report
- Investigate
- Containment and Response Actions
- Inform
- Maintain Business Continuity
- Resolve
- Recovery
- Review
Annual Assessment
To ensure ongoing compliance and protection of data, annual security risk assessments are conducted by independent certified professionals.