01 Aug 2015

Despite OPM Data Breach, Rest Easy with BMS

In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach involving the records of what is now estimated to be approximately 21.5 million people. Federal officials have described the breach as one of the largest breaches of government data in the history of the U.S. It targeted Personally Identifiable Information (PII) such as Social Security Numbers, names, dates and places of birth, and addresses.

Even with strict rules and procedures in place to protect your PII, you may be losing some sleep wondering about the security of the data for your cases housed at BMS. We want to let you know that, with BMS, you can rest easy. As the leading provider of software solutions for bankruptcy and corporate restructuring professionals, we take our commitment to security very seriously. We’ve embedded security into every aspect of our service to you and into our CaseLink and TrustWorks software platforms, so you can rest assured that your professional activities and data are both secure and in compliance.

Here are some areas where BMS ensures above-and-beyond security for our clients:

BMS employs the most stable, secure and proven data security

  • Transport Layer Security (TLS), which provides encrypted and authenticated communications between the computer and server
  • Audit log maintained for all CaseLink log-ins
  • Daily scans run by Nessus on BMS Internet-accessible servers to proactively assess security issues. (Learn more: http://tenable.com/products/nessus.)

Client data is also extremely well-protected physically

Information communicated to BMS servers is housed in an ultra-secure facility that adheres to the following guidelines:

  • Controlled access is given to specific BMS personnel
  • Access logs track who comes and goes from the facility. All activities are monitored by video cameras and guards
  • Three-factor authentication, including photo ID, authenticated card key and biometric hand scan, is required to enter the data center
  • BMS servers are kept in a locked cabinet so only authorized personnel may access physical hardware
  • 24/7/365 operations center monitors Internet connections, electrical, and cooling operations
  • Facility is compliant with global security standards. (Learn more: http://www.latisys.com/compliant-hosting/soc-2-type-ii-soc-3)

BMS employs data backup protocols

BMS assists each client with backing up their data so that they may access it in the case of unexpected circumstances – either by helping them configure their own backup software or by employing the following methods in securing client data in our Cloud-based platforms:

  • Client data is backed up in an encrypted format to a secure facility
  • Client data is replicated daily to a separate secure facility in another geographical location.
  • Commercial colocation facility is used for BMS servers (Learn more: http://www.latisys.com/managed-security/overview)

BMS is unique in its use of one bank – Rabobank

While our competitors employ multiple banks, each with different processes and multiple points of data interchanges, BMS partners with just Rabobank. This single point of integration ensures:

  • Limited employee access – access to account information is restricted to only those employees who can assist you or complete bank-related tasks. Rabobank and BMS Banking Center employees are required to keep customer information confidential, and are subject to disciplinary action or termination if they fail to do so.
  • Physical security – strict policies and procedures are used at Rabobank to protect the security of any sensitive information. These procedures are regularly reviewed and updated to account for changing threats and ensure compliance with federal laws.

BMS Banking Systems are already SOC 1 Certified; SOC 2 certification is under way

Due to the large amount of funds placed by our clients at Rabobank, BMS, unlike other software vendors, must meet a higher standard for our processes for financial reporting, data security and internal controls when it comes to banking transactions. As such, our banking applications and systems are already SOC 1 certified, which means that we have the right processes in place for financial reporting. BMS is currently undergoing our SOC 2 audit which, when complete, will certify that the confidentiality, privacy and security measures we already have in place are in line with current security concerns worldwide. As a technology and cloud-computing service company, BMS has been audited on the basis of these Trust Services Principles (TSPs):

  • Security: Systems are protected against unauthorized access, use, or modification
  • Confidentiality: Information designated as confidential is protected as committed or agreed
  • Privacy: The organization’s collection, use, retention, disclosure, and disposal of personal information are in conformity with the commitments in the service organization’s privacy notice and with criteria set forth in the Generally Accepted Privacy Principles (GAPP) issued by the AICPA and CICA

If you have questions, concerns or would like more information about BMS Security Protocols in place to keep your data secure, you are encouraged to contact the BMS Support Center at 800-634-7734, ext. 2 to speak to one of our Hardware Technicians, or email us at support@bmsadvantage.com.