Summary of Physical & Information Security
Franklin Press deals with confidential personal information on a regular basis. This includes data from banks, casinos and other clients containing sensitive information such as names, addresses, credit information, and financial, credit card and other data. Given our responsibility to protect this information, we have instituted a number of physical and information security measures.
Physical Security
Physical access to the building is controlled by a Sonitrol monitoring device. Exterior doors are locked at all times, and access may be gained only with an electronic access card read by a proximity reader. Cards are issued to employees only for times relating to their working hours.
Access to interior areas of the building is similarly controlled, with employees being permitted only in areas relating to their duties. Of utmost importance are the data management area, which houses workstations with access to client data, and our IT department, which houses our servers.
Visitors may not leave the reception area without signing in, presenting identification and being escorted by an authorized employee. Visitor logs are retained for one year. Technicians servicing equipment are granted temporary access cards and at no time are authorized to service equipment with access to client data without direct employee supervision.
A closed-circuit television (CCTV) system is installed to capture all ingress and egress on exterior doors plus the data center. Video is stored for a 60-day period.
Employees undergo a nationwide background check administered through Kroll, Inc. They also must pass a drug screening and credit history check. All employees must take a security training course.
Information Security
Access to client data is protected from both inside and outside attacks. The following devices have been installed to detect and prevent unauthorized access to our servers housing client data:
Cisco 5520 – Dual Cisco 5520 Firewalls are installed. The firewalls operate in “heartbeat” mode and, should one of the firewalls stop working properly, the other will immediately take its place.
DMZ – A “demilitarized zone” has been created. Our web sites have been removed from SQL, ASP and CFM servers and isolated such that only valid, outside traffic can access them. Ports are controlled such that outside hacks cannot access client data.
Symantec AntiVirus 10.1 – Protects computers running Symantec AntiVirus by blocking security risks before they install. Rates the impact of security risks on several different factors. Repairs complicated risks, such as Winsock LSP and host file infections, stealthed user mode risks, and persistent security risks that are difficult to remove or that reinstall themselves.
Barracuda – Prevents inappropriate Internet activities and prevents decreased network capacity or system downtime when too many employees use bandwidth-intensive applications, like streaming media or internet radio. Internet use policies are in place to ensure available bandwidth for business-critical applications.
Virtual Private Network (VPN) – Intra-company data (between Baton Rouge and Memphis) is transmitted through a VPN tunnel for increased security. All access from outside the secure network must pass through the same firewall as if the user were physically connected to the inside of the secured network. This reduces the risk that an attacker might gain access to the secured network by attacking the VPN client's host machine. All data is encrypted.
Production Security
Operators of equipment capable of printing personalized data (inkjet, laser and Indigo) have access only to the print data, rather than the entire database. A camera system monitors and records all production activity. This data is retained for 60 days in the unlikely event of employee dishonesty.
Spoiled forms that contain personalized data are placed in locked bins. The contents of the bins are shredded on-site on a weekly basis in the presence of a production supervisor.
Equipment that produces scratch-off game pieces for our casino clients is under camera surveillance. Data used to produce the pieces is strictly controlled and maintained under a dual password.
Disaster Recovery/Business Continuity
Mirrored locations in Baton Rouge and Memphis provide for virtually failsafe disaster recovery and business continuity. Backup data containing all internal applications and client data is updated weekly and stored in a secure, offsite facility. In the event of a disaster, the data is restored to the other location within a very short time frame. The recovery process is tested on a regular basis.
Insurance
An $11,000,000 policy includes: Business Interruption, General Liability, Errors & Omissions and Employee Theft & Fraud. Insurance is maintained through Zurich North America.