Top 3 Ways we Keep your Data Secure
Top 3 Ways we Keep your Data Secure
Personally identifiable data is important. It’s necessary for you to have and people are typically used to giving it out. However, according to Pew Research, the types of information people worry about most include social security numbers, the state of their health and what medications they take, and finally, the details of their physical location over time. As a nonprofit, you’re probably collecting this data. As a responsible organization, you need to be aware of the risks and how you should protect your participants’ information.
Here are three big ways nFocus Solutions is making sure data stays secure:
- Assign Roles and Permissions
In TraxSolutions8, our newest version of our main software suite, we give nonprofits like yours the ability to individually set permissions to protect certain sensitive categories.
What does that mean exactly? Well, if you have a case manager who is working closely with your participants, you can ensure they have access to all of their clients’ data, including their histories, intake forms, academic records and more. However, you might not want your front desk admin looking at that information and you can ensure they, or others, don’t through these custom permissions.
Each person that needs to log into TraxSolutions can be given an assigned role with corresponding permissions, whether that be access to just viewing reports, updating participant records, analyzing survey results or billing—or none of these. With this ability, you can ensure that your data is only accessed by the people who need to see it, and the level of access is set relative to the needs of the user.
An additional level of security is added to TraxSolutions8 by having some fields marked as ‘confidential’ and/or selecting a system-wide setting called ‘need to know.’ This means that only designated users can view those fields, no matter what their permissions may be.
- Search and Finance Hierarchy
nFocus provides multiple levels of security in its software—especially in MoneyTrax, where organizations may be sharing sensitive financial information such as checking account and credit card numbers. Many times, organizations belong to a parent organization—such is the case with Boys and Girls Clubs. There are many instances when the child organization’s financial data needs to be independent of the remaining organization and does not need to report this information back up to the parent. Why transfer data when it’s not necessary? nFocus’ finance hierarchy allows the child organization to remain autonomous.
The same concept can be applied to sites within an organization that deal with such sensitive participant information such as treatment plans and medication. In addition, knowledge that an individual is enrolled at a certain site could be considered compromising information. In this case, a child organization can configure a ‘search hierarchy’ so that other sites in the organization cannot even know that an individual has even been enrolled in that site if it is not required to do so. Search hierarchy keeps those files private.
- Tier 1 Hosting facility
All nFocus data resides in a world-class data center. Access to the facility is protected by digital video surveillance, electronic access control with and a 24/7 security force. In addition, access to hardware is protected by a sign in procedure to verity identity and all hardware is housed in a locked server cabinet.
If that Fort-Knox style security isn’t enough, all data transferred between servers and client browsers is encrypted using Secure Sockets Layer (SSL) 128-bit encryption.
We continuously run industry standard anti-virus and anti-spyware programs to protect hosted data against destruction and theft. These programs are updated on a regular basis and monitored for suspicious activity.
We take security very seriously; you should too. Always follow these four guidelines:
- Grant access to trusted individuals only
- Perform background checks on employees and volunteers
- Carefully determine the security level given to system users
- Ensure that employees and volunteers do not share passwords