Security

Back Print File

Client Information Center (CIC) Guidelines and Use of Content

Security

As a leading provider of online services, J. J. Keller & Associates, Inc.® is committed to providing many layers of security to preserve the confidentiality of your information. Our server environment is protected by a state of the art "security wall", the site is password protected, and we use data encryption between the web servers and your browser. To ensure you that the CIC has taken the appropriate steps to secure the integrity of your information, the following answers are provided to the most frequently asked questions:

Can someone else access the information I have entered in the CIC?

The best way to secure your information is to protect your user name and password. Without your user name and password, another CIC subscriber cannot gain access to any of your records. We strongly suggest that you change your password on a regular basis and keep it confidential at all times. As described in the Personal License, "You may not allow others to access the CIC using your Personal License Password or User Name"

As an added security precaution, if you are logged into the CIC and your session is idle for two hours, you will be automatically logged out of the CIC and will need to log back in to access the service.

The records you establish in the CIC are stored on servers at a secure, offsite facility. Access to the data on these servers is limited to a small group of authorized Compliance Services staff only. This small group of authorized staff has signed a Non-disclosure (Confidentiality) agreement to protect your data.

How does the CIC protect my information from being lost?

The CIC servers are located in a secure, state-of-the-art Internet hosting facility. The servers are monitored 24 hours a day, seven days a week for any signs of technical problems or malicious activity (including intrusion detection). Backups of all servers are created on a frequent basis to protect your data in the unlikely event of a hardware failure. A stringent schedule of preventative maintenance is followed to minimize this risk. In addition, we maintain a fully functional backup site at another location to protect against data loss in the event of a physical disaster (fire, flood, etc.)

Whenever you proceed to delete information in the CIC, you will be asked to confirm the deletion of that information.

"We use data encryption between the web servers and your browser" - what does this mean?

Secure Sockets Layer (SSL) protects data transferred over http using encryption enabled by the The CIC server's SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When your browser points to the CIC (a secured domain), SSL authenticates the server (the CIC) and the client (your browser) and establishes an encryption method and a unique session key. This begins a secure session that guarantees message privacy and message integrity.

The CIC uses 128-bit SSL encryption. This is the level used by most banks and other sites where a secure environment is necessary.

Why does the CIC use Secure Sockets Layer (SSL) encryption?

Using SSL allows us to add even greater security to all of your data on the CIC. The small lock seen in the lower portion of your web browser (Internet Explorer and Firefox Only) indicates that the page you're visiting is completely secure. You may be presented with a "Security Alert" popup window indicating that you are entering a secure site. This message can be enabled or disabled within your browser settings, if you choose.

What does it mean to be thawte™ secured?

The CIC has obtained SSL certificates through a company called thawte™, a proven industry leader and trusted source for digital web server certificates. A thawte™ SSL certificate ensures that all information you send to us via the internet will be encrypted.

Virus Protection

Our virus scanning software is updated on a daily basis to ensure that we have the highest protection available. All site traffic is scanned as it enters or leaves the site.

Independent Security Audits

The CIC uses IBM and other 3rd party organizations to conduct periodic audits of our security procedures and systems. The audits provide an additional check of our systems to ensure that system security is maintained at the highest level.