Our Director Access equipment is located in a secure FIS Data Center with 24-hour physical security. All servers are mirrored to a secondary FIS Data Center in real time.
The FIS facilities provide backup power sources that will provide power indefinitely via a UPS, to prevent power fluctuations, and a diesel generator if the primary power source becomes unavailable. Audit logs are available in the application for the administrator to view. These logs track all actions performed by the users and administrator on their Director Access site.
The network perimeter is protected by redundant firewalls. All security products are carefully selected from industry-leading security providers. In addition, FIS monitors and analyzes firewall logs to proactively identify security threats. FIS also employs a security professional annually to test its defenses.
FIS uses the strongest encryption products to protect customer data and communications. Furthermore, all confidential data is encrypted in a Microsoft SQL database.
FIS backup schemes are based on a seven-day weekly schedule. A full backup is performed on Fridays; on all other days, an incremental backup is performed. Full backups are kept for one month, and incremental backups are kept for two weeks. The last full backup of each month is kept for a full year. FIS utilizes a disk-based backup system that automatically replicates the backups to another FIS location approximately 100 miles away. Because the system involves fixed disks, there is no moveable media to be lost or misplaced.
All networking components, web servers and application servers are configured redundantly. All customer data is automatically backed up daily to an offsite data vaulting facility. Disaster recovery plans are in place and are tested quarterly.
If a disaster were to render the FIS production environment inoperable, failover procedures are in place to automatically route all customer data to the failover facility, which is in a different geographic location. Disaster recovery procedures are tested semiannually.
Pages are never cached, so if a director or administrator logs out, the back feature in the browser prevents previous page views from being seen.
Network security against DoS, DDoS and other types of attacks is implemented with enterprise-level stateful firewalls. This allows packet inspection of all incoming data, which is then used to apply the firewall rule base to ensure that unwanted traffic is rejected and that only appropriately formed requests to specific hosts are permitted.