Data Security

PRO-Webs has need to collect data from clients to perform services for their websites care, troubleshooting, development and support. The collection and storage of the data is outlined for security in the following policy.

DATA ACCESS CONTROL & POLICY

  1. Project data is considered both confidential and secured. Only necessary access is requested and assigned to only employees directly involved with the project/service.
  2. Access to the application for data collection, support, hosting and all PRO-Webs departments requires the user be logged in and requires a unique username and password for that user.
  3. All assigned employee data users will have an alphanumeric password of at least 8 characters.
  4. All assigned employee access to the data collection software credentials are changed every 40 days and only PRO-Webs employees shall have access.
  5. Project data is only maintained for the duration of the ACTIVE project plus 5 days. All inactive project data is purged after 5 days of a determination of completion or inactivity.
  6. Intruder detection is implemented on the data collection software & the offending user’s IP will be locked after 3 incorrect attempts.
  7. All data collection website/application related software is kept current to PCI/DSS standards at all times.
  8. The entire data collection site/application is protected with 256Bit private, domain validated COMODO SSL.
  9. The data collection system application is audited every 30 days for security.

HOSTED CLIENTS DATA ACCESS & CONTROL POLICY

  1. You are REQUIRED to use the helpdesk in order to receive hosting support via your BILLING account email address ONLY. Hosting issues sent via a guest ticket will be immediately discarded.
  2. We CANNOT provide access information for your hosted account to anyone but the account owner of record.
  3. If you need your hosting password reset you MUST use the helpdesk with the email address on your hosted account. You will need to give us your domain name, your full name and phone number in the ticket.  You must be logged in to the helpdesk, guest tickets are unacceptable.
  4. We will require a PHONE CALL VERIFICATION at the phone number on file to provide BOTH username and password credentials for your hosted account.  You must be logged in to the helpdesk, guest tickets are unacceptable.
  5. If you are brute force locked out you MUST use the helpdesk to ask for it to be cleared and you must provide your IP address in the ticket. You can get your IP address here.  You must be logged in to the helpdesk, guest tickets are unacceptable.
  6. PCI issues require your report to be submitted in PDF format. Please update your ticket after creating it and click the “camera” to upload your report. You must be logged in to the helpdesk, guest tickets are unacceptable.

PRO-Webs, Inc NEVER stores credit card numbers anywhere, in any format digital or otherwise. Credit card numbers are entered by the client into our payment software and transmitted immediately with encryption to processor Authorize.net. Other payment options include off site payment forms such as Google Checkout and PayPal.

Last Updated 10/06/2013

PCI/DSS Compliance 100%