Our company is committed to ensuring the highest level of data security and privacy. The following information describes the foundation for our data security and privacy:
Physical Security
All of our servers are housed in a carrier-class datacenter located in Altoona, Iowa. The datacenter maintains very strict physical security measures to prevent unauthorized entry into the server area. The datacenter requires photo ID to enter the building and biometric scanning to gain access to the server area. Our servers are in a locked server rack and the rack is in a locked metal cage. Access to our servers by an unauthorized individual is virtually impossible.
Data Security
Our servers all sit behind a hardware firewall that stops any unwanted traffic. The firewall closes all ports on the servers that are not being used for Web traffic. We continuously monitor all traffic, and the firewall detects and rejects unwanted traffic and alerts us to it.
Also, we utilize a hardware-based IPS (Intrusion Prevention System) that listens to all incoming and outgoing traffic from all of our servers and will shut down any hacking attempts as well as inform us of the attempt immediately. This is an active service that is updated hourly from a leading IPS hardware provider.
We code all of our Web applications using methods that prevent what is known as SQL injection. SQL injection involves attempts by hackers to execute database code by putting SQL code in forms or URLs on the Web site.
Disaster Recovery and Data Integrity
All databases are transaction logged every hour to ensure up-to-date recovery in the event of a localized or generalized disaster or outage. Also, our servers are backed up locally each night. All data are exported to an off-site location that is more than 30 miles from the datacenter to address any sort of widespread outage or disaster. We subscribe to and follow disaster recovery best practices.
In the event of a disaster, our plan calls for a maximum of 24 hours to bring the system back up. A major disaster of widespread proportions could, however, require longer than 24 hours to mitigate. In the event of a minimal outage, the system would be available much sooner.
Uptime
We employ a load-balanced server system. Multiple servers continuously serve out the Web site and databases to avoid a single point of failure for the system. Also, the servers are located on two separate power grids. Diesel backup generators and uninterruptible power supplies are in place to eliminate or minimize any downtime due to a power outage.