Yes, both the public side and the back-end of ASAP are secure.
We use the highest level of encryption on both sites. The public encryption begins when your customers try to log in or create an account. All of their demographic information, shop cart information and payment information is entirely secure using standard 2048-bit / SHA256 or higher encryption. The entire back end of ASAP, where you run reports, enter demographics, retrieve information and build your schedules, is entirely secure using the same 2048-bit / SHA256 or higher encryption.
In addition, all the data in the database is behind a secure firewall that is monitored and only accessed by authorized personnel, who are all employees of ASA and under strict confidentiality agreements.
Your public site is secure over the entire experience once the customer arrives on the site. The URL will change from http to https. The "s" shows that the site is secure, which is often signified on browsers with a small lock image.
The security and encryption used is Symmetric Encryption, implemented within the .NET framework using SHA1 as the primary hash algorithm. We also have other methods implemented including various other tools (e.g. TLS 1.2) and cipher keys which we can discuss with you if necessary.
NOTE regarding security and the Saved Credit Card feature: If ASAP stores credit card information based on Preference Settings or the use of ASAP Recurring Billing, that card information is encrypted within the ASAP database according to PCI guidelines (https://www.pcisecuritystandards.org/index.php). At no time is the card information viewable by a customer, ASAP user or member of ASA's staff. Only the limited information needed to identify a card is available, such as the last four digits, type and expiration date. ASA takes data security and card processing requirements very seriously. ASA maintains PCI-DSS compliance at all times and is a registered Service Provider with both Visa and MasterCard.
ASAP Security and Backup Summary
ASAP resides in our co-location facility located in Las Vegas, NV (USA). The facility is owned and operated by Switch and is an SSAE-16 audited facility. We obtain their yearly SOC 3 report for our records and due diligence. You can view information about our hosting facility by visiting their website. Our backup and disaster recovery facility is at the Switch Reno facility.
ASA is also a registered Service Provider with both Visa and MasterCard. ASA and our websites are PCI-DSS compliant and our systems are scanned, at a minimum, on a quarterly basis by a third-party organization, currently SecurityMetrics, to ensure they meet the PCI-DSS standards. You may request a copy of our most current PCI Certificate and/or AOC by contacting email@example.com.
All employees of ASA sign strict confidentiality agreements and security policy agreements upon hiring. Only employees who need access to the servers are allowed to access them, and only from within our internal network. Access to the servers is also restricted by IP address, and we have up-to-date firewalls and anti-virus software in place on all servers and the domains.
Our database servers are RAID 10 with separated data and log mirrored drives. We back up the entire database to external hardware onsite at the co-location facility every three hours and then move backups to a secure secondary physical location each night. There is also a replication database in use at the primary facility. In the event of a catastrophic failure at our primary co-location facility, we expect ASAP to be back up and live within three hours from our backup hosting facility located in Reno, NV. This is part of the ASA Disaster Recovery Plan, which is reviewed by management, at a minimum, on a yearly basis.
ASA carries both regular business liability insurance coverage (in excess of $2,000,000 per occurrence) as well as E&O insurance coverage that covers our services provided to clients in processing monetary transactions.
Please contact firstname.lastname@example.org for more information.