How are user accounts managed?

• Neon CCM and Neon Giving Days applications manage users within the application itself. Administrators have the ability to add/edit/delete any user accounts that can access the system.

What guidelines control Civicore’s password functionality?

• Neon CCM and Neon Giving Days applications include a set of security policies that may be implemented to provide clients with a security configuration that provides them with highly configurable and granular access control. Groups of users may be established and granted specific field or tab level security rights. Additionally, Clients may request custom security requirements that define password strength requirements.

How does program security affect users and their access to data?

• See above

Is CIVICORE software encrypted?

• Application data is stored in commercial grade databases. Backups are encrypted before being transferred.

How are Encrypted Data Discs secured?

• Depending on the sensitivity of the data being transmitted Secure Sockets Layer (SSL) Protocol and Server Digital Certificates are used to encrypt data traffic between our servers and client machines.

How do I know that it’s safe for vendors to access our data?

• See above

Where is data stored? What security elements are present at the storage facility?

• Neon One utilizes Amazon Web Services (AWS) for server hosting. AWS provides highly secure data centers that utilize state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24×7 by trained security guards, and access is authorized strictly on a least privileged basis. For more information please see – https://docs.aws.amazon.com/whitepapers/latest/introduction-aws-security/introductionaws-security.pdf

How are servers secured?

• See above

What about visitor access?

• See above

Do the servers have anti-virus protection?

• See above (access link for AWS policies)

What is the plan if there is a disaster of some sort?

• See Backups below.

Best Practices/Certification

• Certificates can be provided at request.

Redundant Infrastructure

• Neon CCM and Neon Giving Days applications are built on a multi-tenant architecture enabling each client application to share infrastructure across the platform of Neon CCM and Neon Giving Days applications. This type of architecture allows for the application code base to be updated simultaneously for multiple users. Neon One software engineers and vendors test applications for vulnerability and continually apply released patches as needed.

Backups

• Client databases are backed up daily on the Neon One network infrastructure. Data is encrypted using 256-bit advanced encryption standards before being transmitted out of the production environment to an off-site secure facility.

Schedule

• Daily

Retention Policy

• Neon One retains client data according to the following schedule: Daily Backups – 6 Months Weekly Backups – 1 Year Monthly Backups – 2 years

Disaster Recovery Testing

• Recovery Testing is performed weekly to ensure data is probably backed up can be recovered.

https://support.civicore.com/index.php?downloadFile=1&table=documentation&field=document&check=445d09798775f904694a1bd889964919&key=47

• Scope of the Policy

• Services included in maintenance

• Services outside the scope of maintenance