The security and privacy of your data is a core part of our business, and is our top priority. The following is our corporate statement regarding our data security program, and a review of the process we follow regarding our commitment to information security and compliance.
Payment Card Industry Data Security Compliance
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC, and the Japan Credit Bureau (JCB). VISA and Mastercard now require all merchants to adhere to the PCI security standard. Our compliance with PCI standards is certified by a certified PCI compliance services provider.
In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domain(s) hosted on them must have been audited within the past 3 months, and all vulnerabilities categorized as Urgent, Critical, or High severity (Level 3 or greater) must have been corrected within 72 hours of their discovery.
Our site is tested with industry-standard PCI Compliance remote vulnerability testing.
SSL Data Encryption
Alliance uses Secure Socket Layer (SSL) technology for mutual authentication, data encryption, and data integrity. SSL is the industry standard security protocol to encode sensitive information, such as your credit card number. SSL creates a shared digital key, which only lets the sender and the receiver of the transmission scramble or unscramble information.
Local Data and Physical Redundancy
Alliance customer data is backed up to redundant backup servers nightly. We maintain redundant web and database servers, fully configured with all software and data, so in the unlikely event of a failure of any of the main servers, the backup servers will be available, pre-loaded with the most recent production data and software.
All customer data is also backed up to two offsite secure locations. Each backup storage location is highly secure and includes alarms, controlled access, fire suppressors, redundant bandwidth, and emergency power generators – everything necessary to ensure valuable customer data is always secure.
Access and Event Monitoring
Alliance maintains and regularly reviews, a real-time and long-term event and login access monitoring system. This system helps us meet host-based security information event management (SIEM) objectives and adhere to demands of regulatory compliance requirements like PCI.
Ongoing Periodic Security Vulnerability Scans
Alliance conducts regular security vulnerability scanning of key network resources, to identify potential security holes. These security scans ensure that web sites, servers, routers, firewalls, and Internet-connected devices are free of known vulnerabilities.
Data Security Compliance Statement
Alliance services meet the physical and technical standards, and provide all necessary controls for our customers to maintain their administrative security compliance standards. Specifically, Alliance agrees to: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected financial information that it creates, receives, maintains, or transmits on behalf of our customers. In summary, Alliance has implemented reasonable and appropriate safeguards to protect our customers’ financial and business information. Furthermore, Alliance agrees to report to our customers any security incident of which it becomes aware, and will authorize the termination of any customer contract in the case of any material breach of this compliance statement.
Telephone Consumer Protection Act (TCPA)
The TCPA restricts telephone solicitations (i.e., telemarketing) and the use of automated telephone equipment. The TCPA limits the use of automatic dialing systems, artificial or prerecorded voice messages, SMS text messages, and fax machines.
At Alliance we are committed to following federal laws as they pertain to our outbound calls and employs the following process to ensure compliance with the TCPA, regarding the proper dialing of mobile/ported phone numbers:
* All sample is compared to both mobile/ported phone numbers lists.
* Mobile/ported phone numbers are identified and separated from landline sample.
* Mobile/ported phone numbers are set up as separate projects and locked into hand-dial mode.
* Hand-dial mode prohibits any connection to a dialer and instead makes use of T1 analog lines to place the calls, directly from physical phones from the interviewer stations.
DO NOT CALL (DNC)
It is the policy of Alliance to fully comply with all applicable “Do Not Call” laws and regulations regarding wired and wireless telephone communications (whether by live, artificial or prerecorded voice, telephone facsimile machine, computer or otherwise) to any covered telephone line or number. In a good faith effort to so comply and to provide consumers with an opportunity to exercise their “do not call” rights,
Alliance has contracted with the Federal and State agencies to assure it is abiding by all the compliance procedures and protocol required by law. As a third-party marketing company, we are responsible for complying with state and federal laws and have developed, enforced and documented our compliance efforts. As a regulation set forth by the federal Do-Not-Call laws, we are required to demonstrate that we perform the following as part of our routine business practices:
- Establish and implement written procedures to comply with Do-Not-Call laws.
- Train our personnel in these procedures.
- We maintain a company-specific Do-Not-Call list.
- Scrub our calling lists against the national Do-Not-Call registry on the frequency required by federal law.
- Monitor and enforce compliance with our procedures.
As a result of our pro-active compliance measures, we seek a safe harbor defense to a violation if the violation is the result of technical or human error.
We have implemented a 2-step process for ensuring our compliance with these laws. The 2-step process involves pre-dialing compliance as well as pre-transfer verification.
Pre-dialing measures: All data is uploaded to our central database by the call center staff for de-duping and scrubbing procedures prior to dialing. Our automated system submits the data to DNC scrubbing software which ensures all numbers are scrubbed against the appropriate Federal, State and Internal DNC lists.
Our systems maintain the strictest of compliance procedures including tracking when numbers were checked and provides reports validating scrubbing compliance.
Pre-Transfer measures: As the telemarketing agent inputs the prospect’s information in our website, we re-submit the phone number field through the DNC scrubbing software to ensure that the prospect is absolutely not on the DNC.
This process also allows our customers to provide their own “internal” do not call list, so that we can remove any customers that have requested not to be called.
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Under HIPAA privacy rules, Alliance is compliant with all applicable rules and regulations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. We are committed to keeping all PHI (Protected Health Information) that you entrust to us private and secure. We have instituted policies and procedures to ensure this is a top priority.
Sarbanes-Oxley Act (SOX)
Alliance is compliant with all applicable rules and regulations of the Sarbanes-Oxley Act. Effective in 2006, all public companies are required to submit an annual assessment of the effectiveness of their internal financial auditing controls to the Securities and Exchange Commission (SEC). Additionally, each company’s external auditors are required to audit and report on the internal control reports of management, in addition to the company’s financial statements. Sarbanes-Oxley is known in US Senate as the “Public Company Accounting Reform and Investor Protection Act” and in the House of Representatives as the “Corporate and Auditing Accountability and Responsibility Act”. Sarbanes-Oxley is commonly referred to as SOX or Sarbox.
Financial Industry Regulatory Authority (FINRA)
Alliance is compliant with all applicable rules and regulations set forth by FINRA. As a regulatory body, FINRA acts as the licensor for companies looking to enter the securities markets, as well as the legislator of the functions of those admitted bodies. It also has the authority granted by the U.S. Securities and Exchange Commission (SEC) to discipline non-compliant members. FINRA was founded in July 2007 as a consolidation of the National Association of Securities Dealers Inc. (NASD) and the regulatory functions of the New York Stock Exchange (NYSE).