The security and privacy of party and case information is a top priority for the American Arbitration Association (AAA) and its international division, the International Center for Dispute Resolution (ICDR). The AAA-ICDR has implemented best practice policies, technologies and procedures to help protect its data and technology resources. The protections we have implemented apply to all case data and equipment stored and managed on the AAA’s technology infrastructure.
SECURITY TOPICS
• Storing Information Securely
• Encrypting (Scrambling) Sensitive Data
• Data Back-up and Recovery
• Employee Awareness and Compliance
Storing Information Securely
Unique usernames and passwords are required to access American Arbitration Association systems. Users see only what they have been given permission to see, based on their role within the organization.
The AAA-ICDR also utilizes industry-standard firewalls (communication management computers specially designed to keep information secure and inaccessible by other Internet users), antivirus and other related security technologies to secure our network and websites, which are housed in off-site secure data centers. These data centers comply with the security regulations set up by the American Institute of Certified Public Accountants (AICPA) for Service Organization Control (SOC) type II reports.
Encrypting (Scrambling) Sensitive Data
The AAA-ICDR web application is secured with 256-bit TLS (Transport Layer Security), which encrypts all data sent over the internet and ensures it is unreadable if intercepted. Clients can choose to provide AAA staff their credit card details and authorize AAA staff to process their payment, or clients can process their own payments directly online. Both processes result in credit card transactions being entered and processed using a third-party, industry-leading credit card processing company that is PCI DSS (Payment Card Industry Data Security Standard) compliant. No credit card information is stored on AAA-ICDR servers. Your credit card numbers and other personal information are always encrypted when sent over the internet using the AAA web application.
In addition, all AAA-ICDR employee laptops are protected with full disk encryption, which prevents unauthorized access to any data on the laptop in the event it is stolen or lost.
Data Back-up and Recovery
In addition to our primary data center, a disaster recovery data center houses a copy of all data, which is synchronized in real time. The disaster recovery data center can be used in conjunction with, or in the case of a disaster, as a replacement for the primary data center. We also run daily backups of all production data, which are stored securely both on and off site.
Employee Awareness and Compliance
All AAA-ICDR employees are required to attend annual security awareness training and are also required to acknowledge and sign an Acceptable Use Policy, which relates to the appropriate and secure use of the AAA’s resources and data. Regular audits and system tests are performed to ensure compliance with security-related policies.