• Data Security

Tracker I-9 Security Standards:

*The statements below only apply to Tracker I-9 Complete (SaaS platform version Scarlet).

Multi-Level Physical Security

Client data is fully secured in Tier III data centers located in multiple geographies. Nightly backups and redundant systems protect data for increased availability. Tracker’s managed hosting partner is third-party audited, with SSAE 16 Type 2 SOC 1 and PCI ROC reports available for review. Physical access to data centers is strictly controlled by guards, alarms, and video monitoring — 24 hours per day, 7 days per week.

Uncompromising Data Protection and Security Standards

All data is encrypted at rest and in transit. Further, backups are encrypted on disk, at all times. Tracker products support Certificate Authority High Assurance Class 3 SSL certificates with support for 256-bit AES encryption and 2048-bit RSA key length, as per best practice. Tracker’s I-9 products offer full database-level encryption using SQL server transparent data encryption (TDE) and additional column-level encryption on PII. Tracker solutions are compliant with E-Verify web services software, meeting current DHS requirements. User accounts require complex passwords and are stored as encrypted values. Passwords are not accessible by Tracker employees.

Defense Against Intrusions

Our Intrusion Detection System (IDS) utilizes multiple detection technologies including signature-based, protocol-based, and anomaly-based inspection methods to detect suspicious activity and alert operations personnel. Networking and security experts monitor network traffic, performance, and other critical parameters 24 x 7. Our security incident response team can immediately escalate intrusions to executive management and law enforcement.

Secure Infrastructure and Development Processes

Tracker uses third parties to provide manual and automated vulnerability scanning on its infrastructure and code base. Furthermore, Tracker utilizes static code and dynamic code analysis tools in its development cycles as part of our SDLC.

Privacy from Prying Eyes

Sensitive information can be masked, ensuring data such as Social Security numbers, birth dates, and other document data is obscured on-screen, limiting over-the-shoulder unintended viewing. Sensitive PII can also be masked when running reports.

Trusted by Industry Leaders

Tracker I-9 products consistently pass security audits by Fortune 500 companies, educational institutions, government agencies, utilities, and contractors.

Tracker’s privacy policy includes provisions on EU-US Privacy Shield and GDPR. Tracker Corp’s IT leadership is CISSP-certified (Certified Information Systems Security Professional).

Please reach out to trackerinfosec@trackercorp.com for more information or with any data and infosecurity-related questions.

 


 

ImmigrationTracker Security Standards:

*The statements below only apply to Tracker IMS 8 (SaaS platform version Shock).


ImmigrationTracker utilizes advanced technology for data security. We ensure fully client data security by leveraging a comprehensive set of policies, processes and infrastructure including data encryption, access controls, firewalls, intrusion detection, and system redundancy.

Strong, Multi-Level Physical Security

Your data is secured with a hosting provider that has an ISO 27001:2013 certification and available PCI ROC and SOC1 reports.

Sound Environment Security

Nightly backups and redundant systems distributed across geographies protect your data in case of disaster. An unexpected outage in one geography will not affect the other, providing complete system redundancy for disaster recovery.

All ImmigrationTracker production and backup data is housed in the U.S

Uncompromising Data Protection

All data is encrypted in transit. ImmigrationTracker supports Certificate Authority High Assurance Class 3 SSL certificates with support for 256-bit AES encryption and 2048-bit RSA key length. Your data is required to be encrypted in transit utilizing TLS 1.2.

Your data is also encrypted at rest, with databases and backups encrypted using SQL server transparent data encryption (TDE). All user accounts require complex passwords, and you can choose to increase the complexity of passwords further. Passwords are stored as one-way hashed values and are never known to Tracker staff.

Protection from Intrusions

Your data is protected by an intrusion detection system (IDS) that utilizes multiple technologies at both the network and host levels to identify suspicious activity and alert operations personnel. Engineers continuously monitor critical parameters having to do with network traffic and availability. A security incident response team is on hand to escalate intrusions to executive management and law enforcement immediately.

Security Built into Policies and Practices

At Tracker we know that technology alone cannot fully protect critical assets, so we’ve also built security into our policies and practices. ImmigrationTracker is scanned daily by Trust Guard, earning a Trust Seal for website security. Before every major release, we conduct a web vulnerability scan on ImmigrationTracker, using Veracode. If any issues are detected, they are remediated immediately. And every year, we use a third-party security provider to conduct security assessments and penetration tests on ImmigrationTracker.

Tracker’s privacy policy includes provisions on EU-US Privacy Shield and GDPR. Tracker Corp’s IT leadership is CISSP-certified (Certified Information Systems Security Professional).

Please reach out to trackerinfosec@trackercorp.com for more information or with any data and infosecurity-related questions.


Award-Winning Customer Support

When it comes to your employee’s compliance and security, we hold ourselves to the highest standards of customer service. Access your dedicated team of experienced Support Agents around the clock, 24/7. And in the event of a federal audit, we’ve got you covered with our award-winning Audit Support,
including the industry’s only No-Risk I-9 Audit Assurance.

Take the first step to I-9 Compliance.

Schedule your customized demo today.

Schedule a Demo