Skip to content. | Skip to navigation

Navigation

Personal tools
You are here: Home / Community / Statement About Our System Security

Statement About Our System Security

Here is information you may want to know about the The Trusted Advisor Toolkit™ security

We insist on the best and most secure technologies in every category. Operating systems, programming languages, framework, app engine, encryption, authentication, authorization, serverware... there are many layers, and every layer is among the best security records in its field.

Related: Email Phishing Scams - Here's How To Stay Safe

 

Our Security Certifications and Accreditations.

 
Our systems, and your data, are protected with the exact same standards that Amazon.com and other major players like Google use for their own online assets.

Communication With Our System Is Always Through a Secure Sockets Layer (SSL)

 

What's SSL?

The Trusted Advisor Toolkit System Security

In short, SSL is the standard method to safeguard communications between computers over the internet.  The computers on each end are secured behind their respective 'firewalls' etc, but they need a way to send data to each other through those firewalls.

SSL ensures that your machine can talk to ours privately using the latest standard of data encryption. Even if someone did manage to intercept an SSL data stream they couldn't understand anything inside it.

SSL also ensures that the computers are connected to the precise machines that they intended to - that no other computer can sneak into the conversation or pretend to be one of ours.  It's how computers know who they're actually talking to.

 

How do I know we're using SSL?

You can confirm SSL is being used by noting that http:// in the URL is replaced with https://.

https

Most current browsers now  color-code the https text (in the address bar) to indicate how secure the channel is. Green is best. If ever the https is red (or has a strikethrough font) then the certificate may not have been verified or perhaps is out of date, but your conversation is still safely and fully encrypted.

https security message

Please note that we occasionally change or update graphics which can sometimes trigger minor warnings until have we finished securing them.  Meanwhile our data and yours is always encrypted (especially related to your client list and meeting plans).

We occasionally change or update graphics which can sometimes trigger minor warnings until have we finished securing them.  Meanwhile our data and yours is always encrypted (especially related to your client list and meeting plans).

 

The Human Element

It is important that every member on your team:
  1. Have their own unique login and password (see the Team Management tab). 
    Said another way, if anyone is using another's login to gain access to The Trusted Advisor Toolkit™, you have allowed potential security breeches.
  2. Keep passwords private.
  3. Change passwords periodically.  
    Password changes are easy; before logging in simply click "Forgot your Password?" to receive an email containing a password reset link.
Among the many important reasons, these are of particular note from a security standpoint:
  1. When you remove someone from your team, removing their login access  is the only way you can be assured they no longer have access.
  2. If a former member of your team has other team members' login information, your system security is in jeopardy.
  3. Unlike what you see on TV; "hackers" don't 'crack' encryption, they 'crack' people. It's a form of identity theft.
    1. If they can obtain enough information to imitate you, they may be able to use that information to get enough security information from others to break into your system.
    2. Encourage your team not to advertise any common methods they use to select passwords etc (even with other team members around the "office water cooler").
    3. Be suspicious of anyone who initiates any contact requesting personal or sensitive information (such as login information).
 
A reasonable level of caution is all that's needed to maintain the safeguards we've put in place.
- The Trusted Advisor Toolkit™ Security Team
 

Compliance

Question: For compliance purposes and disclosure of outside business activities, what do you recommend I give our compliance attorney to define my Trusted Advisor work within the Toolkit?

Update 2018: Also see our GDPR Compliance guide.

 

video here

 

 
 
 

Compliance Department Contact Request [Full-access Members Only]