ComplianceKeeper.com System Security Information
ComplianceKeeper recognizes that securing your data is of utmost importance. We have taken all the necessary steps to provide a safe and secure system to manage the regulatory requirements for the licensing and educating of mortgage professionals.
Below are a few frequently asked questions we have compiled about security. If you have further questions, feel free to contact us at 1-866-527-0033 or email us at firstname.lastname@example.org.
Q: What tools did you use for the creation of the database?
Answer: ComplianceKeeper products are developed using a combination of ASP and PHP running MS SQL.
Q: What security systems do you have in place?
Answer: ComplianceKeeper is hosted on a server protected by dual Cisco PIX firewalls. Communication with users is through a 128 bit encrypted SSL connection. Administrative access is password protected and SSL encrypted.
Q: Is there a Disaster Recovery Site, and if so, what is the URL?
Answer: There are two web servers and two database servers that serve your site. The primary web server has a secondary failover web server that monitors its activity using NSI DoubleTake. If the primary fails, the secondary takes over.
This secondary server is not accessible via a URL because it is dormant until a failure occurs, after which time it assumes control of the primary web server’s IPs. At all times data is replicated between the two servers so that the secondary can be a highly accurate copy of the primary. The two database servers also operate on a primary-secondary model, however, in the case of the database servers content is scripted from the primary to the secondary to keep it up-to-date. Should failure occur on the primary, the secondary would be manually failed over to become the primary.
Finally, as a further protection measure, content from the shared servers is backed-up each night to a tape library, and the code for the site is stored on a completely separate staging server (where changes are made and then taken live to the production environment). All servers are housed offsite in a climate controlled environment by a contracted provider.
Q: Do you test Disaster Recovery annually?
Answer: We test the Disaster Recovery annually. It has already been tested in 2006, and it was successful. We have failed over from the primary to secondary web server in the past without any problems. The only adjustment we have to make when the failover occurs is to fail back and then adjust the log files so that the web visitor data does not have gaps (from the switch to the secondary).