VendorPal™ is committed to maintaining a platform where our customers' data is transmitted confidentially and securely. To that end, VendorPal™ will implement the following security measures.
Our servers will be collocated in Cedar Falls, Iowa at a facility that provides 24-hour physical security, palm print and picture identification systems, redundant electrical generators, redundant data center air conditioners, and other backup equipment designed to keep servers continually up and running.
The network perimeter will be protected by multiple firewalls and monitored by intrusion detection systems - all sourced from industry-leading security vendors. In addition, VendorPal™ will monitor and analyze firewall logs to proactively identify security threats. VendorPal™ will also contract with a third-party security firm that will proactively monitor our security configurations for changes, vulnerabilities, and errors and regularly conduct vulnerability threat assessments including penetration tests.
VendorPal™ will leverage the strongest encryption products to protect customer data and communications, including 128-bit Network Solutions SSL Certification and 2048-bit RSA public keys. The lock icon in the browser will indicate that data is fully shielded from access while in transit.
Users access VendorPal™ only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Our robust application security model prevents one VendorPal™ customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session.
VendorPal™ will enforce tight operating system-level security by using a minimal number of access points to all production servers. We will protect all operating system accounts with strong passwords, and production servers will not share a master password database.
Whenever possible, database access will be controlled at the operating system and database connection level for additional security. Access to production databases will be restricted to a limited number of points, and production databases will not share a master password database.
All data entered into the VendorPal™ application by a customer or downloaded from a retailer’s servers will be owned by that customer and stored in servers under their individual control. VendorPal™ employees do not have direct access to the client’s VendorPal™ servers, except where necessary for system management, maintenance and upgrades. VendorPal™ will not utilize any managed service providers. The VendorPal™ systems engineering team will provide all system management, maintenance and upgrades.
All networking components, SSL accelerators, load balancers, Web servers, and application servers will be configured in a redundant configuration. All customer data will be stored on a database server owned and managed by the customer.