Erin Reeve
October 9, 2018
October is National Cyber Security Awareness Month (NCSAM). In honor of that, this post provides an overview of some of the important security measures that Euclid takes to keep our clients’ sensitive data safe.
1. PCI-Compliant: Euclid has achieved PA-DSS 2 compliance -- which means that the latest and most stringent security procedures and coding practices have been applied to the development, testing, and deployment of its software applications. In order to be certified, an Independent Qualified Security Assessor (QSA) must review and audit the entire development process, perform tens of thousands of security tests, and submit its findings to the PCI SSC, which then must review and certify the results. In order for our clients to maintain their vitally important PCI compliant status, their payment software must be PA-DSS compliant. This is an important achievement that demonstrates Euclid's commitment to credit card payment security for our clients. Learn more about PCI compliance on PCI Security Standards Council’s website.
2. Host Securely Via the Cloud: Using cloud technology is the safest way to store your data. At Euclid Technology, we offer a cloud-based solution for hosting our ClearVantage Association Management Software (AMS). Known as CV Sapphire Hosting, our cloud hosting comes equipped with advanced security to protect your association’s sensitive data, no matter where your employees access the database. Like ClearVantage, CV Sapphire is PCI compliant.
3. Helping You Implement & Maintain GDPR Compliancy: Euclid has been working diligently to ensure that our products and services facilitate and support our clients' compliance with GDPR. Clients can view a full list of GDPR resources that we have compiled here (please note that you will need to log in to view and access these resources). We’ve provided a high-level overview of GDPR-specific projects that we have implemented across the ClearVantage product suite below.
- ClearVantage AMS: GDPR Component: Explicit Consent. This feature allows staff users to view and edit the Opt-Ins and Opt-Outs. Please see ClearVantage GDPR Compliance Volume 1 to read about Explicit Consent, and to see how members/customers can manage their Opt-Ins and Opt-Outs online.
- CV Connect CMS: ClearVantage GDPR-Compliant Cookie Consent Module for your CV Connect website (released May 11th, 2018). Please see a complete description in ClearVantage GDPR Compliance Volume 3.
- ClearVantage Reports (applies to both CV Online and ClearVantage Office):
  - GDPR Component: Information You Hold. There is a new report in ClearVantage Marketplace under the GDPR section called “GDPR – Information You Hold.” This report goes through your entire ClearVantage database, and it lists the information you hold on individuals in each data table and data field. This provides a good starting point for taking an inventory of and documenting the personal data that your organization has in its records. This only applies to data stored in ClearVantage. In order to fully meet this specific GDPR requirement, you must do an inventory across all of your systems and data.
  - GDPR Component: Right to Access. Under the GDPR, a Data Subject has the right to see the data that you have on file for him or her. There is a new report available called “GDPR – Right To Access.” It is not available in ClearVantage Marketplace because it requires some basic configuration (e.g., what data entities and fields to include in the report). There may be data that the organization holds, such as internal notes, that you do not want to share; nor do you have an obligation to share that information. Hence, the configuration is required. This report provides similar data to that provided in the “Right To Portability” functionality in CV Online. However, this report can be printed or saved as a PDF, and it can be sent to the Data Subject that requests to know what personal data you have on file for him or her. Note that if your website is powered by ClearVantage, and you have a robust member portal (e.g., shows committee history, event history, transaction history, profile data, etc.), your member portal may already meet the “Right To Access” requirement, and you will not need this report.
4. Keeping You Informed on the Latest in Cybersecurity News & Information: At Euclid, we believe that knowledge is power, which is why we post, tweet and send information to help you stay informed about the latest in cybersecurity. We have highlighted a couple of cybersecurity-focused resources that we put out to help keep our clients and the general public safe online.
OTHER RESOURCES FROM THE EUCLID TEAM
View the Euclid Technology blog here, and subscribe by clicking the orange RSS Feed icon at the top-right.
To subscribe to any of our client-only newsletters, email us: firstname.lastname@example.org.
- GDPR Newsletters and Resources: Subscribe to our GDPR newsletter to continuously stay informed of how to become or stay compliant with the new rules and regulations of the GDPR.
- Euclid’s Monthly Newsletter: Subscribe to our monthly newsletter. Stay informed about the latest resources and news about Euclid Technology, ClearVantage, and the associations and technology space, including cybersecurity news.
- Euclid’s Weekly Security Newsletter: This newsletter features news and valuable information across the cybersecurity industry to help associations stay safe online.