The security and privacy of your data is a core part of our business, and is our top priority. This document provides our customers with our corporate statement regarding our data security program, and a review of the process we follow regarding our commitment to information security and compliance.
Payment Card Industry Data Security Compliance
The Payment Card Industry (PCI) Data Security Standard is a worldwide standard for payment card and consumer financial data protection. It incorporates the requirements of the Visa USA Cardholder Information Security Program (CISP) and the Visa International Account Information Security (AIS) program, the MasterCard International Site Data Protection (SDP) program, as well as the security requirements of American Express DSS, DiscoverCard DISC and the Japan Credit Bureau (JCB). VISA and Mastercard now require all merchants to adhere to the PCI security standard. Our compliance with PCI standards is certified by a certified PCI compliance services provider.
In order to maintain PCI Compliance certification, all publicly accessible internet devices and any associated domain(s) hosted on them must have been audited within the past 3 months, and all vulnerabilities categorized as Urgent, Critical, or High severity (Level 3 or greater) must have been corrected within 72 hours of their discovery.
Our sites are tested with industry-standard PCI Compliance remote vulnerability testing, and are tested at least every 90 days to pass all external vulnerability audit recommendations of the Department of Homeland Security’s National Infrastructure Protection Center (NIPC), the SANS/FBI Top 20 Internet Security Vulnerabilities list, as well as the vulnerability audit requirements of Visa’s CISP and AIS, MasterCard’s SDP, American Express’ DSS and Discover Card’s DISC security standards.
DoJiggy sites are also certified to be in compliance with the network perimeter security criteria mandated in such regulations as: the Health Insurance Portability & Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOA) and the Government Information Security Reform Act (GISRA), as well as Canada’s Personal Information Protection and Electronic Documents Act.
SSL Data Encryption
DoJiggy uses Secure Socket Layer (SSL) technology for mutual authentication, data encryption and data integrity. SSL is the industry standard security protocol to encode sensitive information, such as your credit card number. SSL creates a shared digital key, which only lets the sender and the receiver of the transmission scramble or unscramble information.
Local Data and Physical Redundancy
DoJiggy customer data is backed up locally to two different redundant backup servers nightly. We maintain redundant web and database servers, fully configured with all software and data, so the in the unlikely event of a failure of any of the main servers, the back up servers will be available, pre-loaded with the most recent production data and software.
All DoJiggy customer data is also backed up to three offsite secure locations – to one site nightly, and to 2 other sites every 4 hours from 6:00am to 10:00pm daily. Each DoJiggy backup storage location is highly secure and includes alarms, controlled access, fire suppressors, redundant bandwidth, and emergency power generators – everything necessary to ensure valuable customer data is always secure. Our offsite locations boast high-quality RAID-5 redundant hardware in every file server and near instant data mirroring over high-speed connections between our storage locations.
As an example, one of DoJiggy’s storage facilities is maintained in the world-famous Barracuda co-location facility in Ashburn, VA.
Access and Event Monitoring
DoJiggy maintains and regularly reviews, a real-time and long-term event and login access monitoring system. This system helps us meet host-based security information event management (SIEM) objectives and adhere to demands of regulatory compliance requirements like HIPAA, SOX, GLBA, and PCI.
Ongoing Periodic Security Vulnerability Scans
DoJiggy conducts weekly security vulnerability scanning of key network resources, to identify potential security holes. Security vulnerability scanning is conducted by TrustWave. TrustWave identifies vulnerabilities in real-time, categorizes the detected risks, and then provides recommendations and solutions for improvement. Should there by any reported security vulnerabilities, they are secured within 72 hours. These security scans ensure that web sites, servers, routers, firewalls and Internet-connected devices are free of known vulnerabilities and pass the SANS Top 20 Internet Security Vulnerabilities as defined by SANS, the FBI and FedCIRC.
Emergency Backup Data Center
DoJiggy now maintains a complete Emergency Backup Data Center located in Phoenix, Arizona. Phoenix is a major commercial/industrial center, and is home to a number of military and government installations, giving the area a secure and established internet and communications infrastructure. The emergency backup data center allows DoJiggy services to be operational within hours in case of a major disaster affecting our primary datacenter, such as a large earthquake, biological hazard, terrorism threat or long-term power outage. All data, software and related services are maintained on warm standby, ready in case of nearly any disaster scenario.
Data Security Compliance Statement
DoJiggy products and services meet the physical and technical standards, and provide all necessary controls for our customers to maintain their administrative security compliance standards. Specifically, DoJiggy agrees to: Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected financial information that it creates, receives, maintains, or transmits on behalf of our customers. In summary, DoJiggy has implemented reasonable and appropriate safeguards to protect our customers financial and business information. Furthermore, DoJiggy agrees to report to our customers any security incident of which it becomes aware, and will authorize the termination of any customer contract in the case of any material breach of this compliance statement.
For more information on Data and Security Compliance, please see: