Data Security Solutions
PCLender's tools and services assist with the security requirements established by the Gramm-Leach-Bliley (GLB) Act, Sarbanes-Oxley (SOX) Act, and Federal Financial Institutions Examination Council (FFIEC). GLB provides requirements to protect customer data; SOX makes managers and executive teams liable, with criminal penalties; and FFIEC sets forth guidelines that regulated institutions are required to follow.
Our services include:
Protecting customer data behind firewalls: PCLender's LOS users reduce the risk that, when used remotely, most laptops are not protected by a professionally managed firewall, and access to private data can be compromised.
Encrypting the storage of customer data: Database tables are further protected by ensuring data is encrypted and therefore useless without proper authorization.
Controlling access to customer data: User rights are set on a need-to-access basis. This means that users only see loans that they are granted authorized access to. Additionally, user-defined roles prohibit access to data or the ability to export data without the appropriate authorization.
Protecting physical property and hardware: PCLender production-ready application and data servers are hosted SAS70 Type II facility that can only be accessed via authorized personnel with physical IDs, passwords, and biometric security.
Excluding data on workstations: Data on laptops and workstations are typically not included in standard disaster recovery and business resumption planning. We centralize data management on our client's behalf, and our disaster recovery and business resumption processes are independently tested to ensure secure access to accurate data.
Requiring dual authentication when logging into applications with "customer data" (FFIEC business requirement): We require authorized users to have unique database and communication protocol knowledge.
Ensuring secure data transmission: Our proprietary "thin client" technology creates a new encryption key each time a user logs on, to provide additional security for data communication.