Security is a high priority and an integral part in the design and development of Investigative Concepts, Inc. applicant screening system. Attention is given to high publicity threats such as viruses, denial of service attacks, and other malicious activities over the Internet, as well as to maintaining the integrity and confidentiality of sensitive application data such as credit reports, social security numbers, and other personally identifying information. Investigative Concepts, Inc software platforms development staff uses industry-leading technology to secure the site (a.k.a. InstaScreen) and its operating environment, including client authentication (password-controlled access), data encryption, public-private key pair, firewalls, intrusion detection, filtering routers, and data backups. Each component acts as a layer of protection to safeguard information from unauthorized users, deliberate malfeasance, and inadvertent loss.
User authentication – Password-controlled access requires users to authenticate through a private login ID and password before accessing the system. After authenticating to the system, sessions that remain inactive for a period of time expire, requiring the user to re-authenticate before continuing. Additionally, user accounts that remain unused for extended periods of time are automatically disabled. User passwords are protected in the system using sophisticated hashing schemes and should never be shared. Passwords must be reset at least every 90 days, differ from the previous three passwords, be at least 8 characters in length, and contain at least one each letter and digit. A password recovery feature allows a user to retrieve his or her login ID and/or reset a forgotten password after correctly answering several pre-configured security questions and a CAPTCHA.
IP Restrictions – System access can be further restricted at the client or user level by IP address(es). Any attempt to access InstaScreen from an IP address outside the authorized range is rejected.
Encryption – All transactions are performed in a secured environment. Access to InstaScreen requires use of HTTPS. Supported web browsers automatically secure the session communications using the Secure Sockets Layer (SSL) 3.0 or Transport Layer Security (TLS) 1.0 protocol using 128-bit encryption. All data is encrypted as it travels between the client web browser and the InstaScreen servers and can only be decrypted with a public and private key pair, thus protecting against eavesdropping, server impersonation, and stream tampering.
Firewalls, Intrusions Detection and Filtering Routers – The InstaScreen servers are protected by firewalls, intrusion detection, and filtering routers which verify the source and destination of communications. The routers and firewalls are configured to reject any unauthorized, suspicious, or disallowed traffic. Routers keep out traffic that does not emanate from either end of the secured session between the client and the server.
Physical Security – The physical server machines are hosted at a state-of-the-art collocation facility that is staffed on-site 24/7 to provide an immediate response to any incident. Access to the facility is restricted to authorized personnel and is secured by both password-protected keypads and biometric scans. Door, glass, and motion events at the facility are digitally recorded and archived, as well as observed live by facility staff for any suspicious activity. UPS systems and a 500-kilowatt diesel generator ensure electrical service to the facility. Multiple fiber providers provide Internet connectivity with diversified entry points into the facility. The cooling system incorporates redundant components, excess capacity, and high-efficiency technologies to maintain an optimal operating environment for the servers.
Data Integrity – Database servers are configured with mirrored hard drives to provide real-time, fail over redundancy. Additionally, nightly backups of data are scheduled, with archives removed weekly to an offsite location for additionally redundancy.
Client Responsibility – Clients are expected to guard their password carefully and to not share it with or disclose it to anyone, for any reason. Investigative Concepts, Inc staff will never ask a client for their password. Clients must also ensure the security of their InstaScreen sessions, completely logging out of the system when finished and not leaving active sessions unattended. Paper and electronic copies of reports must be carefully controlled to prevent the unauthorized distribution or disclosure of personally identifying applicant information.
A robust and secure system requires a multi-faceted solution with hardware, software, and education. Critical to the success of any secure system is the education of its user community and employees on the importance and sensitivity of information. Knowledge of why and how data is secured, and the permissible uses of all information, is essential in maintaining the integrity of the system and its contents.
Investigative Concepts, Inc. will use the personal information you provide for the sole purpose of fulfilling your request for products and services. In the course of fulfilling your request, it may be necessary to disclose the personal information you provide to third parties. We will disclose personal information to third parties only when necessary to fulfill your request, and in such cases, as permitted by law. Investigative Concepts, Inc. neither sells nor shares with third parties any personal information, including email addresses, gained through the fulfillment of requests for products and services.
Investigative Concepts, Inc logs all activities performed on our website and periodically examines the log files. This analysis helps detect fraudulent activity, identify system faults and failures, and characterize aggregate system performance. When used in the course of scientific or research purposes, all reasonable identifying information is removed.
Investigative Concepts, Inc will never ask you for your password. If we require authenticated access to your account information for any purpose, we will refer you to a system specialist who will have access to your account information. Please guard your password carefully and do not share or disclose your password to anyone, for any reason. Every user is responsible for his or her username and password and any misuse thereof.
Investigative Concepts, Inc software platform is certified by TruSecure, a security-assurance company. This means that we have taken every known precaution to protect you from the loss, misuse, and alteration of the information under our control. Confidential information is encrypted when transmitted to and from our websites.
Investigative Concepts, Inc welcomes your input. If you have any questions or comments about this privacy statement, the practices of our website, or your dealings with our website, please send correspondence to:
Investigative Concepts, Inc
P.O. Box 471832
Tulsa, OK 74147