Security

CharityAuctionsToday Security Measures:
At CharityAuctionsToday, your security is our priority. Detailed below are the robust security measures we’ve put in place to ensure the utmost protection and safety of your data.

Organizational Measures:
CharityAuctionsToday’s security approach is tailored according to the NIST Cybersecurity Framework Functions, incorporating a blend of standards from NIST 800-53, CIS CSC Top 20, and the PCI Data Security Standard.

Ongoing Audits and Third-party Compliance Assessments:
Annual Audits: Each year, CharityAuctionsToday collaborates with external evaluators to verify our adherence to PCI guidelines.

Persistent Analysis: CharityAuctionsToday commissions third-party experts for systematic scanning and penetration testing, focusing on both network and application levels to spot vulnerabilities and enhance security.

Our Software Development Protocols:
The entire software development cycle at CharityAuctionsToday is harmonized with our comprehensive security model. We evaluate software project risks based on the OWASP Top 10 criteria. Our developers are trained in secure coding techniques and follow best practices. Tools like Static Code Analysis, Dynamic Code Analysis, and Software Composition Analysis are employed at various stages of development. All code undergoes version control, peer assessment, integration, functional testing, and quality assurance checks.

Guarding Customer Data:
Prioritizing the security of customer data, CharityAuctionsToday employs an integrated approach to identify potential threats, minimize risks, and ensure best practices.

Data Transmission Encryption:
All data passed to the CharityAuctionsToday platform and communicated over public networks is encrypted using TLS version 1.2+ protocols with AES 256-bit encryption algorithms. Our security experts continually evaluate and adapt to evolving encryption norms, making recommendations and updates accordingly.

Encryption While Stored:
For encrypting data at rest, we utilize the FIPS-approved AES 256-bit cryptographic algorithm.

Reliable Hosting with Secure Infrastructure:
CharityAuctionsToday’s digital infrastructure is securely hosted on Amazon Web Services (AWS). AWS has garnered numerous certifications for its data centers, boasting ISO 27001 compliance and PCI DSS Certification. For a comprehensive overview of their certifications and compliance measures, please refer to the AWS Security Website.

Disaster recovery

CharityAuctionsToday utilizes the services offered by AWS, encompassing AWS CloudFront CDN, AWS Application Load Balancing, and AWS Availability Zones, to spread its production environment across multiple physical sites. This diverse location strategy ensures that CharityAuctionsToday’s services remain robust against connectivity interruptions, power outages, and other site-specific disruptions. We’ve integrated High Availability into our infrastructure for optimal uptime. Moreover, our infrastructure is defined by code and managed through configuration systems, facilitating swift recovery from any infrastructure failures. Comprehensive backups, both full and incremental, are kept for essential data and infrastructure components.

Compliance and certifications

CharityAuctionsToday doesn’t retain cardholder data as outlined in the PCI Data Security Standard. Nevertheless, we have attained the topmost tier of PCI Compliance as a PCI DSS Level 1 Compliant Service Provider. Each year, an independent PCI Qualified Security Assessor conducts an audit on CharityAuctionsToday, ensuring we meet all the stipulations of the PCI Data Security Standard. We are also recognized on the Visa Global Registry of Service Providers. For those interested, CharityAuctionsToday’s PCI Attestation of Compliance can be provided upon request.