Security Practices

Data Center Security

• Our data centers manage physical security 24/7 with biometric scanners, and the usual high tech stuff that data centers always brag about.
• We have DDOS mitigation in place at all our data centers.
• We have a documented “in case of nuclear attack on a data center” infrastructure continuity plan.

Protection from Data Loss, Corruption

• Account data is mirrored and backed up regularly off site.

Application Level Security

• CCW Guardian account passwords are encrypted. Our own staff can’t even view them. If you lose your password, it can’t be retrieved—it must be reset.
• All login pages (from our website and mobile applications) pass data via SSL.
• The entire CCW Guardian application is encrypted with SSL.
• Double Password Entry for Sensitive Data: Handgun serial #’s require entering your password a second time, even if you’re already logged in.

Mobile App Security

• Sensitive data is transmitted via SSL.
• Double Password Entry for Sensitive Data: Handgun serial #’s require entering your password a second time, even if you’re already logged in.

Internal IT Security

• Our office is secured by key code access, and is monitored with surveillance cameras throughout.
• Our office network has extremely limited exposure to Microsoft Windows. And that’s all we have to say about that.

Internal Protocol & Education

• Employees are taught not to vilify hackers, which gives the false impression that in the end, the bad guys always lose and there will be a happy ending. Hackers do what they do for money—this is business for them. So we view them as competition. And competition never dies.
• All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
• All new employees are given security guidelines for using social media, including information about social engineering.
• We have an employee termination (AKA: “change management”) process in place.