Data Security Policies and Procedures
At Commonwealth Cash Management, we take every potential precaution to protect the privacy and integrity of your personal financial information.
Network Security and Redundancy
Our data is stored centrally in an off-site data center boasting server physical-environment isolation, limited access control, redundant power generation and climate control. The facility and data are protected by intense security services, including perimeter security profile, category-based Web filtering, virus scanning, IDS/IPS, quality of service — traffic shaping, and 24x7x365 monitoring.
In addition, we keep your financial information not on our Web servers, but on those hosted by Thomson Reuters- a world-class, IBM-certified Data Center. The Thomson Reuters Data Center, comprised of two state-of-the-art facilities totaling 175,000 square feet, is one of the largest data centers in the world.
The Thomson Reuters Data Center takes every precaution to guarantee the safety of computer equipment and your data. Built-in redundancy allows for independent operation and business continuance. Our extremely reliable, highly-available infrastructure ensures the integrity of your data and the quality of services offered to you.
We back up the contents of this data center daily, and all file changes are replicated to a "warm" backup site. This procedure protects your information in the event of a major systems issue, disaster or act of God. In an emergency situation, we would not only retain and secure your personal financial information, but also continue operations with minimal interruption.
Identity Validation and Security
Access to all company workstations is protected by biometric (fingerprint) authentication, and access to our data center by those workstations is protected by dual-factor authentication (password and token key). All customer data is stored in customer-specific databases with named-user access limitations. To access your data, an employee needs to pass three unique identity and rights validations and be a named user of the data as well.
To protect against malicious threats via email, all incoming and outgoing emails utilize multiple layers of antivirus and spam checking using MessageLabs®, a filter also used by the Federal Reserve.
Company-wide Data Security Policies
Upon hiring and training, all CCM employees agree to abide by our policies concerning the handling and use of customer-specific personal and financial data. Drawn up by experts from the Web security, law enforcement and software development fields, these policies outline specifics on the use of company-issued property such as laptops, phones and PDA's. The policies also explain how to maintain constant vigilance in the protection of our customers' data and our network.
We utilize security policy outlines recommended by The SANS Institute (SysAdmin, Audit, Network, Security), which was established in 1989 as a cooperative research organization comprised of the many security practitioners in varied global organizations from corporations to universities.
Secure Web Pages Encryption
All of the pages on our Web site containing personal and financial information are delivered to your browser through HTTPS, a secure server communications layer (SSL). SSL prevents anyone from intercepting or reading your personal information. When you send your information to us, SSL encrypts it (i.e., translates the data into a string of gibberish characters). Only CCM can decode the encryption. You can verify that SSL is enabled by looking for the padlock or key icon on your browser.
Session Timeout
CCM uses a timeout feature to log customers off their account after a specified amount of inactivity. This reduces the risk of others accessing your account from an unattended computer.
Document Destruction
All hard copy or paper documents used in the delivery of our Personal Cash Management and Business Bookkeeping services are scanned and become part of your unique database file. Once scanned, these documents are destroyed or returned to you upon request. Making these paper documents unreadable and unusable, yet archived easily in their electronic form, protects you and your personal data from identity theft.