With InfoSafe, you've got a personal team of experts to help guide and manage your compliance with federal, state and industry data security regulations for protecting your customer and employee personal information against identity theft and fraud.
Being InfoSafe Certified gives you critical third party validation and certification that your business meets or exceeds the minimum recommended standards and best practices for protecting your customer and employee personal information against identity theft and information compromise. InfoSafe Certification is a "seal of approval" to show your customers that your company/organization is a safe place to do business. It demonstrates your commitment to doing business the right way, with a genuine commitment to customer privacy, safety and trust.
Your business can become InfoSafe Certified by enrolling in the InfoSafe program and working with your InfoSafe team to implement and maintain the necessary administrative, physical and technical safeguards in accordance with the compliance requirements of virtually all major federal, state and industry regulations including HIPAA / HITECH, GLBA, Red Flags Rule, FACTA, PCI, state data breach protection laws, and more.
The InfoSafe program includes:
1. Risk Assessment
Based upon regulatory requirements and industry best practices, a Certified INVISUS Information Security Advisor (CIISA) conducts an initial onsite assessment of your physical location(s) to gather important information about your business or organization including the type of confidential or protected information you collect and use, as well as your current administrative, technical and physical safeguards and associated risks and vulnerabilities, policies, procedures and controls.
Following the onsite assessment, our compliance experts determine which of the federal, state and industry information security and privacy regulations apply to your business, and evaluate your current policies and procedures, controls and safeguards in relation to the requirements of the applicable regulations. The results of this comprehensive compliance review, combined with the results of the onsite assessment, are used to identify key information security and privacy requirements, address existing compliance gaps and risks to your organization and customers, and to develop your information security policies and procedures.
2. Administrative Safeguards
We help you designate a compliance administrator in your organization (or work with your current compliance administrator) and provide them with everything needed to properly manage your organization's compliance with all applicable information security and privacy regulations. This includes complete administrator training, employee information security handbook including your employee security/privacy agreements, and ongoing regular compliance updates as applicable laws and best practices change.
Information Security Policy
A comprehensive Information Security Policy (including related employee, management, and vendor forms) fully customized and prepared for your business. Includes all the technical, administrative and physical security policies for your business to properly protect customer and employee information and establish compliance with state and federal laws and regulatory requirements.
A personalized information Privacy Notice to provide to your customers in print and online - detailing the types of information you collect, how you use it, and how you protect it.
Other Policies (as required)
Other more specific information security and privacy policies are also provided should your business be required to have them, including a Red Flags Rule policy, Address Discrepancies Rule policy, and other vertical market specific policies.
As your business changes, and as information security and privacy regulations change, our compliance team makes sure your Information Security Policy and other policies are updated and kept current.
3. Technical Safeguards
Internal Vulnerability Management
Quarterly scans and checkups to verify that your internal computer network devices (servers/wireless networks/LAN routers) and every computer (desktops/laptops) are locked down and free of malware or other hidden security threats or vulnerabilities that a cyber-criminal can exploit to gain access to private customer or employee information. This is performed manually by certified INVISUS security technicians via remote Internet connection, working together with your current IT staff as needed.
External Vulnerability Management
Regular external IP address penetration tests to discover and report potential security weaknesses and vulnerabilities in your Internet connection(s) and your website(s) that put your organization at risk of a data breach from hackers and cyber-criminals. Where vulnerabilities are discovered, we assist you (working together with your current IT staff as needed) in locking down your Internet connection(s) and your website(s) to ensure you meet minimum regulatory requirements for technical safeguards and information security best practices.
Also Provided as Needed (no additional cost):
Secure Data Disposal Service
Prior to disposal of a computer or hard drive, our tech team will securely and permanently delete individual electronic records and files, or completely wipe all hard drive information, in accordance with regulatory requirements and in a manner that meets or exceeds DoD/NSA secure destruction standards.
Computer Security Software
If needed, we provide you the necessary business grade security software (firewall/anti-virus/anti-spyware) for each computer in your organization - installed and optimized for you by our expert tech team.
File Encryption Software
If you don't already encrypt sensitive data, we provide professional-grade file encryption technology that meets or exceeds FIPS/NIST standards for encryption of electronic data. Installed on your organization's computers to protect both stored and transmitted files and records.
Emergency Computer Security Support
When you are alerted to a virus or other malware infection on any of your organization's desktop or laptop computers, we provide immediate on-demand expert help via remote connection for virus, spyware, and other malware removal, to prevent the infection from spreading to other computers.
4. Online Employee Training Center
Because information security and privacy training for all employees is a regulatory requirement, InfoSafe provides you with your own full featured, fully hosted and managed online training center account to easily deliver and manage the required ongoing information security, privacy, and regulatory compliance training for all of your employees, new hires, and temporary workers.
The training center also includes a complete catalog of additional low cost, engaging, and interactive privacy, information security, and compliance training courses available 24/7 for your internal compliance administrator, managers, and employees.
InfoSafe Certification gives you critical third party validation that your business has implemented and maintains the recommended and necessary administrative, physical, and technical information security standards required by federal, state, and industry regulations applicable to your organization, including HIPAA / HITECH, GLBA, Red Flags Rule, FACTA, PCI, state data breach protection laws, and more. Includes official seal of InfoSafe Certification for your website, office location, and customer communications.
To maintain your InfoSafe Certification and ensure your ongoing compliance, INVISUS conducts monthly, quarterly and annual compliance checkups and reviews for your organization. Your InfoSafe Certification is updated monthly with the completion of automated penetration testing and reporting. Your certification is also updated quarterly after a short compliance review (including administrative and technical safeguards checkup) conducted by our team of compliance experts. Annually, your organization is re-certified after an onsite assessment at each of your locations and a full compliance review, including an update of your policies and procedures.
6. Security Breach Response
Response and Recovery
Should you experience any form of data security breach or lost or stolen information, we can provide you with expert assistance to quickly and efficiently manage the situation - including helping to discover how it happened, reporting to and working with the proper authorities, customer response and remediation, dealing with the press, closing security holes and updating your security policies, and recovering with minimal damage to your reputation and your bank account.
In the event any legal or regulatory action is taken against you or your business related to information security, we help create a safe harbor status for your organization by providing third party validation and witness that you have implemented and followed the minimum regulatory and industry guidelines for protecting against the loss or theft of private information.
7. Customer Privacy Assurance
"InfoSafe Certified" Seal
You are provided with an official electronic seal of certification for your website(s) that is linked to a live verification web page telling your customers that you are currently InfoSafe Certified and that their information is safe with you. You are also given a printable InfoSafe Certification certificate for your records and to publicly display in your office/business location(s). You can also display your seal on your business cards, letterhead or other materials and communications you want your customers to see.
We provide you with sample announcement letters and messaging for your customers and other business associates letting them know you've achieved InfoSafe Certification. We'll show you simple strategies for leveraging your certification to create greater customer trust and confidence, increase sales and repeat business, and get more referrals.
We also give you sample press releases about your InfoSafe Certification you can use to get media attention (free advertising!) about your efforts as a smart, forward thinking business that proactively protects customers and employees against identity theft and fraud.
Also available (additional cost):
Computer Tech Help Desk (Optional)
As an InfoSafe Certified business, for just $10 per month per employee computer you choose to enroll, you can have unlimited access to your own team of INVISUS computer service technicians available on demand. With the Tech Help Desk, we take care of virtually all problems or questions you have with your computer(s). Enroll as many or as few computers as you like. No per minute or per incident fees. (Windows based PCs/laptops only; no servers)
If you have your own tech staff, we can coordinate with them to provide on demand phone and remote connect computer support as part of your overall IT services.
Immediate Remote Help
Fast and efficient. Eliminate computer problems in minutes, not hours or days. Live help by phone or secure remote Internet connection with your INVISUS tech team. No waiting for your tech to show up, or hauling the computer to a repair shop.
Checkups & Tune-ups
Call for expert help with virus/spyware removals, system maintenance, tune-ups and more. Keep your computers safe, running like new, and lasting longer.
Problem Diagnosis & Repair
Expert diagnosis and fixes to virtually any problem with your computer(s) including your operating system, hardware, software, peripheral devices, etc.
PCI Compliance Services (Optional)
If you accept or process credit cards and have not yet completed your PCI DSS certification, you can get your PCI Compliance done together with your InfoSafe Certification. We'll help you get PCI compliant, reach "Safe Harbor" status with the credit card companies, and get it all taken care of at one time.
NOTE: This additional certification is required by Visa, Mastercard, American Express and Discover for any organization that accepts credit cards. If you have already completed your PCI Certification with a qualified ASV or QSA vendor, and have your certificate of PCI DSS compliance, you do not need this additional certification with InfoSafe.