January 28 is Data Security Day, and security is of great concern to us and to our clients. At Vieth Consulting/MemberLeap, we work very hard to ensure that your data is protected.
- Password-Protected Members Area - the heart of MemberLeap is the members area. All updates to your data are done through the members area. Access to the members area is limited to users with a username and password. After several minutes of inactivity (90 minutes in most cases), a user's session is timed out. The user then has to log in again.
- Password Reset - in the event that a user loses their password, they have the ability to reset it. This allows them to regain access without sending a password in clear text via email.
- Access Log - we keep a record of who logs in and when, recording the IP addresses of each user's access.
- Change Log - in the critical parts of MemberLeap (members, events, billing), we also keep record-change-logs to track when a given piece of member/attendee/event information was changed.
- User Permissions - MemberLeap has a highly flexible way to grant access to users:
  - Member-level: This is for general members. They have the ability to change their own information and view whatever information the association chooses to allow them to view.
  - Admin-level: Admins have full access to all areas of the system.
  - Custom: Member-level users can be granted specific permissions to specific areas, as designated by an admin user.
- PCI Compliant - PCI stands for Payment Card Industry, and it is a continually evolving standard for credit card security. It applies to organizations and merchants that accept, transmit, or store cardholder data. Vieth Consulting is a PCI compliant service provider. We go through periodic security assessments and third party testing to verify this compliance.
- Secure Sockets (SSL) - all credit card/bank account information is accepted under SSL encryption. This means that the pages where card information is entered all use https, and the user's browser indicates this with a lock/key icon at the top.
- No storage of credit card information - we do not store cardholder data within our system. It is accepted at the time of purchase (member joining/renewing, event registration), but not stored. If you use our monthly-membership payment processing system, we use Authorize.net's Customer Information Module to store card information and process the monthly transactions.
- Data Center - all hardware and services are located in a secure data center, located nearby in Lansing, Michigan.
  - Tier-1 Premium Bandwidth - featuring AT&T, Verizon, Sprint, Savvis, and Level3
  - 24/7 staffing
  - Access limited to technical staff, motion-detecting cameras monitor the entire facility, and external walls are reinforced poured concrete
  - Multiple emergency generators waiting on standby
  - SSAE-16 (formerly SAS70) Compliant
- The Servers - all servers are kept up-to-date with the latest software versions, and all services are constantly monitored.
- Penetration Tests - we have periodic 3rd party penetration tests to verify that our servers are secure.
- Nightly Backups - all of your data is backed up on a nightly basis (handled within the data center).
- Offsite Backup of member data - periodically, we back up the member database offsite (outside of the data center).