INTEK takes Information Security very seriously. This document is meant to give our business customers an overview of the practices that we follow in order to protect both our computer systems and the data that has been entrusted to us. Password Policy Access to INTEK’s online services and business functions is secured by user ID and password. However, our ID and password rules for Employees are different than the rules for Partners who do business only on behalf of themselves. The initial password for employees must be changed the first time that the account is used. We also require these passwords to be changed every 90 days thereafter. While it is true that many Internet sites do not force their visitors to change passwords at all, please remember that these are frequently retail sites. For these types of sites, if your password to these sites is compromised, you are usually the only person affected. On the other hand, employees are doing business on behalf of the customer, and have access to much more data than just their own. If their passwords are compromised it could have disastrous effect on the data of our customers and INTEK. A forced password change every 90 days will decrease the risk of this happening. Customers and Partners having accounts with us may choose their own password, and although we recommend that they change it periodically, we never "force" them to do so. Data Encryption We support 128-bit SSL (Secure Socket Layer) data encryption for our online business services that require data transmission. We believe that this provides powerful data security. Internet Service Provider Connectivity and Reliability INTEK’s Web activity is routed through a World Wide Internet Service Provider (ISP). This ISP’s Network Operating Center features multiple high-bandwidth Internet connections and redundant power protection. We believe that this provides us robust and reliable Web capability. The Network Operating Center(s) is/are a controlled environment featuring physical and electronic security measures that include hand-scanning devices, digital video surveillance, multiple firewalls, and electronic intrusion detection technology. Its team of security specialists understand our critical business need to be able to offer 24 x 7 Web capability to our customers. Computer Viruses and Malicious Software We attempt to ensure that all files coming in to the INTEK network are scanned for viruses and other malicious software. It is our custom to deploy anti-virus software on our mail, web, and application servers as well as on all desktops. Our regular procedures call for regular updating of Virus "signature" files. In addition, emergency procedures designed to contain any virus outbreaks are in place. Intrusion Detection Capabilities and Firewalls Intrusion Detection systems are in place through which we attempt to monitor all network traffic both to and from the Internet. These systems are designed to note and intercept or block suspicious activities as deemed appropriate. In addition, our networks are also protected by firewalls which further serve to filter and block suspicious traffic that is detected. Data Backup and Recovery Procedure Our procedures require that all production data be backed up on a regularly scheduled basis. The backups are done centrally. The data backup process is automated and monitored for any error situations. Our procedures call for each backup to be copied and stored off-site in a protected, climate controlled environment. A large scale recovery test is performed annually. The annual tests are conducted in an attempt to ensure each critical business process can be recovered in a timely basis. The test is also conducted so that we can attempt to ensure that the recovery process is correct and that all of the technology platforms and communications between each are operating as we intend. Independent Security Assessments INTEK employs a proprietary scanning solution to test our own defenses and report on any vulnerabilities detected. We scan our network daily being vigilant to implement changes due to hardware, software or malicious attackers. BLISS™ In addition, INTEK online data security procedures have been certified. - an internationally recognized security consulting organization. This certification means that has tested us for vulnerabilities, and has determined that INTEK meets the standards for protection of systems and customer data. Certification requires a series of evaluations and recommendations on overall network architecture, connectivity, physical security, redundancy and disaster recovery capabilities, environmental controls, system configurations, and operational policy compliance. Once the site is officially certified, security analysts work with us to regularly monitor adherence to practices standards. We are proud of our certifications, and certification is not a function of simply letting technicians attempt to break into our systems. A team from INTEK’s Information Security, Technical Services, and Electronic Commerce areas work to identify potential data security threats, and to take what we believe to be appropriate actions to minimize or eliminate these threats. We take these measures to attempt to assure that the sensitive data we receive from our customers and others is handled according to appropriate data security practices. Additional Information From time to time our customers, business partners, and other interested parties ask for more detailed information about INTEK’s information security infrastructure, including specific questions about the types of firewalls we use, how they are configured, operating systems on our servers, and details on our Intrusion Detection and Response procedures. However, we do not believe that it is in the best interest of our customers and others with whom we do business to divulge this type of detail about our computer systems and defenses, nor the details of our audits or security reviews. If this type of information were to get into the wrong hands, it could potentially be used against us. The first step in any hacker attack is to determine what types of defenses are in place at the targeted site. Armed with this knowledge, the potential hacker has one less step to go through in order to breach any defenses in place. |