FTC Safeguards Rule Compliance
For the purpose of meeting recent updates to the FTC Safeguards Rule requirements under section 501 & 505(b)(2) of the Gramm-Leach-Bliley Act we have made some changes to EverLogic DMS. Specifically, we have implemented Multi-Factor Authentication, Stronger Permissions, Encryption and Audit Trails to minimize the Operational, Data & Privacy Risks which can disrupt day to day business activities and result in potential loss of your customer’s Privacy.
- Multifactor authentication is a layered approach to securing data and application where the user is required to present a combination of two or more credentials to verify their identity. Although our new Multi-Factor Authentication feature is compliant with the FTC regulations, it does not help if users create weak passwords for their accounts. For help on Best Practices on Password Management, go to https://www.it.ucsb.edu/secure-compute-research-environment-user-guide/password-best-practices
- We have taken measures to encrypt and limit access to sensitive customer data. It includes SSN/SIN/EIN, Driver’s License & TaxID. On our end, we do not see what information was entered into customer records. We have created a permission that would determine if a user has “Access to Sensitive Data on the Customer, Employee or Vendor” screens. Please be mindful of who has this permission and reconsider on a regular basis if there is actual business need for them to have this. Find out more about our permissions here: https://helpme.everlogic.com/help/employee-permissions-access-authority-defined
- There have been changes to the Customer, Deal, Part Invoice, Repair Order, Purchase Order, that provides an Audit Trail in a security-relevant chronological order that provides evidence of the sequence of activities that have affected at any time a specific operation, procedure, event or device.