Member Essentials operates on Digital Cheetah's Volunteer Management System (VMS), their latest enterprise platform designed to manage members and volunteers. VMS incorporates cutting-edge industry-standard security practices to ensure data protection. Below is a summary of these security measures. 



Security

  • All Cloud servers run in highly secure, SSAE-22 audited facilities
  • Firewalls protect each site
  • The highest possible SSL encryption is utilized to protect communication
  • Automated anti-virus scans on each server
  • Automated patch management keeps each server up-to-date with the latest security updates
  • Intrusion detection software scans for malicious activity and takes automatic defensive action
  • Regular automated vulnerability scans are performed
  • Annual third-party manual penetration tests are performed against the solution
  • Application monitoring monitors key data points, and automated notifications are sent, reviewed, and remediated for high priority alerts
  • Incident security plan is defined and reviewed at least annually
  • CloudFlare Web Application Firewall is deployed which actively scans and blocks/challenges potentially malicious traffic using bot rules, rate limiting rules, OWASP rules, extended CloudFlare rules, pattern-based heuristics, and custom rules

 

Credit Card Transactions / PCI Compliance

  • Member Essentials does not store credit card numbers
  • Credit card transactions are processed through Stripe.com
  • Stripe is completely PCI compliant. It has been audited and certified as a PCI Level 1 Service Provider, which is the highest level of certification available in the payments industry. 
  • Information about Stripe PCI compliance can be found here > https://stripe.com/guides/pci-compliance

 

Backups

  • All Cloud servers use Raid 1 or Raid 10 to provide a 100% mirrored copy of all disks
  • Regular backups are performed to a separate Cloud backup server
  • Every day an offsite backup is perform to an offsite Cloud server in a geographically diverse location
  • Daily, weekly and month backups are retained
  • Once a day a snapshot of the database and files are created, and 1 full year of database and file backups are stored
  • Backup/restores are regularly daily
  • The Digital Cheetah Cloud Platform can automatically restore an entire site or server within the current Cloud or to a new Cloud from
  • local or offsite backups. This means that in the event of a major catastrophe where an entire data center is incapacitated the Digital Cheetah
  • Cloud Platform can restore all site and servers from backup to a new Cloud provider using a completely automated process