You are here:

    Overview

    Introduction Physical Security Monitoring 
    Privacy Policy
    Secured Sockets Layer Firewall and Virus Protection 
    SSAE Type 16 Compliance
    Passwords and User Sessions  Data Reconciliation 
    PCI Data Security Standard Database Security Activation and Support
    Trustwave: TrustKeeper Software Change Control Conclusion


    Introduction

    At Enliven Software, keeping our customers’ information secure and private is our highest priority. This document outlines some of the measures that we have taken to ensure privacy and security. Enliven hosts a state-of-the-art internet application as an Application Service Provider (ASP). Enliven has drawn expertise as an enterprise ASP from employees with experience from Microsoft, Bank of America, Wells Fargo, and the Federal Reserve. Protecting our customers requires constant vigilance and we consistently increase our security as new technologies become available.

    Top

    Privacy Policy
    Enliven understands the importance of keeping your personal information secure. We only collect information that is necessary to provide the Fidesic services to you. Enliven’s Privacy Statement is available online at www.enlivensoftware.com/SecurityPrivacy . This statement explains what information we collect, how we use it and how we keep it secure. Enliven reserves the right to amend or change this Privacy Statement at any time; the latest revision date will be displayed with the Statement on the Enliven web site. 

    Top

    SSAE Type 16 Compliance
    Enliven Software takes privacy and Internet security very seriously, which is why we have adopted privacy standards to comply with modern security protocol. We utilize one of the largest, most secure data centers in the country, US-Signal, to employ and meet the standards of the Statement on SSAE type 16 Report. Enliven’s server infrastructure and physical access controls are guarded and locked down based on US-Signal standard protocols.

    Top

    PCI Data Security Standard
    Physical access controls is not the only level of security that we have implemented. We store all sensitive customer payment profiles off-site, vaulted in Authorize.Net’s Customer Information Manager (CIM), an encrypted secure server which complies with the Payment Card Industry Data Security Standard (PCI). Enliven Software’s compliance with the Payment Card Industry (PCI)Data Security Standard is achieved by storing sensitive payment data using CIM.These payment profiles are managed by Authorize.Net, a Cyber Source solution (NASDAQ: CYBS) and the industry leader (and standard) in creating and storing secure credit card transactions between customers and their vendors. List of Approved Service Providers

    Top

    Trustwave:TrustKeeper
    To ensure your data is secure, we hire an expert to run intrusion detection reports and quarterly penetration tests. Similar penetration tests are performed onbanks and other government organizations with strict security requirements. TrustKeeper is a certified remote assessment and compliance solution designed to help merchants meet the security standards of all credit card companies. TrustKeeper has been certified by Visa CISP/AIS, MasterCard SDP, American Express DSOP, Discover DISC, and all other credit card companies. TrustKeeper is an integrated solution which removes the challenge of navigating the different card company requirements and provides a"one stop shop" for merchants to achieve compliance and receive certification.

    Top

    Physical Security
    The Enliven Internet Data Center is housed within a Savvis Communications Corporation (NASDAQ: SVVS) secure data center. The servers are monitored by guards 24 hours a day. Access to the servers is restricted to authorized personnel identified by photo ID cards and biometric palm scans. Savvis ensures continuity of power and internet access to the Enliven servers. Fidesic has a second Internet Data Center ready for emergency use at all times.

    Top

    Transport Layer Security
    As an internet service, security of communication over the internet with our customers is critical. This security is provided by Transport Layer Security (TSL). TSL is the industry standard for ensuring secure internet commerce. A user can confirm that communications are being carried over TSL by a yellow lock displayed in the lower right corner of their browser. The user can review the Fidesic server certificate by clicking on the lock. 

    Top

    Passwords and User Sessions
    Access to the Enliven application is protected by user passwords. It is the users’ responsibility to keep these passwords secure and private. The passwords may be changed at any time, and users are encouraged to change their passwords often. Once logged in, a user must re-enter their password after 30 minutes. When accessing the service from within an accounting system, the user must enter their password to conduct each batch of transactions. User sessions are maintained with a tamper-proof cookie held in the user’s internet browser memory. A secure hash included in the cookie insures that only the web server can specify which user is logged in.

    Top


    Database Security
    Particularly sensitive customer information is encrypted when stored in the Fidesic database. All bank account numbers, credit card numbers, and social security numbers must be decrypted by the Fidesic application before they can be read. Passwords are stored as a one-way Secure Hash Algorithm (SHA) hash. Fidesic can validate that a correct password has been entered but it is impossible for Fidesic to determine what a user’s password is. This ensures that only the user can enter their password into the Fidesic application. The Fidesic database is backed up every 15 minutes to a backup server. Access to our Microsoft SQL databases is restricted to our applications and administrators that are properly authenticated by Windows Server.

    Top

    Software Change Control
    All software deployed to the Fidesic service undergoes a rigorous software quality assurance process. Dedicated testers verify that the software protects the integrity and privacy of customer data. Enliven has extensive systems for tracking and ensuring the resolution of all issues that are identified during the software development life cycle. Once software updates have been fully validated they are deployed to the Fidesic servers.

    Top


    Monitoring
    The Fidesic servers are monitored both internally and through an independent agency. Individual application components are monitored to ensure that all aspects of the system are available at all times. The Enliven team is notified at the indication of an emerging issue so that corrective action can be taken.

    Top


    Firewall and Virus Protection
    All Fidesic servers run virus protection software. Virus definition files are updated immediately and all operating system patches are applied as they become available. All of the Fidesic servers are behind a Cisco firewall that is monitored and maintained by both Enliven and Savvis.

    Top


    Data Reconciliation
    All activity in the Fidesic clearing account is verified by detailed reconciliation between bank statements and the Fidesic database. Enliven staff ensures that every transaction expected actually occurred on the correct date and that all transactions through the clearing account are accounted for. Detailed transaction information is available to customers online so they can reconcile their own accounts.

    Top


    Activation and Support

    All customers are assigned a dedicated activation manager to ensure that the application is configured to meet their business needs. Activation includes examining existing customer processes in depth, assisting with the installation of any client software, verifying correct installation, and any training that may be necessary.Once customers are fully activated, responsibility for support transitions to the Enliven support staff. If customers have any questions or concerns about the application Enliven is available by telephone or email to address their concerns. At any time, customers are free to contact their activation manager or customer account manager for additional support.

    Top


    Conclusion
    This is meant as an overview of some of the provisions that Enliven has taken to ensure data security and privacy. If you have any additional questions or would like a more in-depth discussion about security and privacy please contact Enliven at (866) 439-5884

    Top



    Electronic archive

    The Enliven advantage – we will keep an electronic copy of all invoices sent – in PDF format – which are accessible at any time and any place you can access the web. No more printing and keeping paper copies of invoices sent – we are your electronic archive for more cost effective storage.















































    Copyright 2017 by Enliven   Terms Of Use