Security

Safe and Secure Verification

InVerify is keenly aware of the need for data security and privacy for secure verification. Our services utilize industry standard security features.

Key aspects of our security policy include the use of 128 bit encryption, SSAE16 Data Center facilities, Monthly Vulnerability testing, and Regular Application Risk Assessment and Audits

Data privacy is also a priority when it comes to secure and safe verification. Data privacy goes beyond the traditional IT data security and addresses issues such as corporate culture, data collections policies, and data quality initiatives. Data privacy professionals define privacy as the right of an individual to control information about him or herself. Our enhanced Income Key management capabilities allow your employees to manage access to their data.

Key Elements of our Data Privacy Principles

Openness: We have a general willingness to share our personal data practices and policies with customers and regulators.

Participation: An individual has the ability to obtain data related to him or her in a timely and low-cost manner, and to correct errors in the data.

Use Limitation: Personal data is not used for purposes other than those specified by InVerify in conjunction with the employer at the time the data was collected.

Data Quality: There are limits on the type of personal data we collect, that data shall be directly relevant to the services provided.

Security: Personal data is protected against the risk of loss or unauthorized access, destruction, use, or modification.

Key Elements of our Data Security Approach

The following Data Security Policy outlines many of the steps we take to execute a safe verification process and ensure confidentiality for our customers.

  • InVerify does not expose client data to e-mail or our staffs PCs/Laptops. Our data collection procedures are through our online secure SFTP process.
  • Key fields in the InVerify database are encrypted while at rest.
  • The InVerify system is hosted at a Tier 1 data center facility. The facilities we use are SSAE-16 and SAS70 Type II certified, located in unmarked facilities, utilize biometrics, provide video surveillance monitoring at all access points, execute restricted keycard access and deploy three layers of network monitoring all to provide our customers with high levels of logical and physical security.
  • All of the InVerify web servers utilize a digital certificate used by Symantec. Symantec is one of the leading Internet Infrastructure service providers and enables secure e-commerce, websites, intranets, extranets through the use of Secure Socket Layer (SSL) certificates for two-way encryption. All communications to our website occur over HTTPS protocol. No request made to InVerify system can be made over the unsecured HTTP.
  • If hard copy documents must be created they are discarded in a secure, locked document destruction container. All documents in the container are destroyed by an outside, bonded and insured document destruction company.
  • As a result of working with sensitive information, all InVerify employees are required to go through background screening prior to joining our company, including drug screening and criminal background checks.
  • Data files exchanged with customers can also be secured with PGP encryption technology.
  • All Social Security Numbers (SSN) are masked on customer reports.
  • All employees are required to sign confidentiality agreements upon hire at InVerify, informing them of their role and securing their signed acknowledgement of the confidentiality requirement.
  • General office access is restricted during business hours by key card access.

Contact us to learn more about our safe verification process.