The following data security features will be in place to protect sensitive information transmitted to and from your website:
System Design Reliability: The Sympact CMS website management system is used by hundreds of firms nationwide, and has been in place for well over 9 years, giving a track record of reliable and secure operation.
Specific Sympact CMS Security Features:
- PHP PDO SQL query system that enforces parameterisation in order to prevent SQL injection.
- No client-specific FTP access.
- User passwords are encrypted before being stored.
- Secure Sockets Layer protection (Optional): Any data entered into your website and transmitted to the hosting server is encrypted using 2048-bit signed SSL certificates. Credit card details also have an additional AES-256 encryption applied before being submitted over SSL.
- Email Notifications (Optional): Instead of sending the content of your website's form submissions, the CMS will simply send you a notification to view the responses through an SSL-protected secure log-in area.
- Individual Administration Users: You can establish log-in accounts for any staff who require access to edit the website content. All changes to published data are audited with roll-back capability. All deletion and transmission tasks (such as sending email newsletters) also require an authentication password over and above the user's log-in credentials.
- Any clients you grant access to are controlled by a comprehensive access-level regime, with individual content available to specific users.
- File Location: All sensitive documents are located behind the public website folder, using PHP scripting to authenticate access prior to serving the document.
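The File Location and access-level items above can be pictured as a small PHP gatekeeper script; this is an added example, not Sympact CMS code, and it assumes "behind the public website folder" means a directory the web server cannot serve directly. The directory path, the ACL table, the `user_id` session key and the `doc` parameter are hypothetical names, and the ACL data is constructed.

```php
<?php
// Added example, not Sympact CMS code. PRIVATE_DIR, ACL, the 'user_id'
// session key and the 'doc' parameter are assumed names; data is constructed.
declare(strict_types=1);

const PRIVATE_DIR = '/srv/site/private_docs';   // assumed path outside the web root
const ACL = ['reports/q1.pdf' => [7, 12]];      // relative path => permitted user ids

/** Resolve $requested to a real file strictly inside $baseDir, else null. */
function resolve_private_path(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // realpath() has collapsed ../ and symlinks; the result must stay under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

/** True when the ACL lists $userId for the file's path relative to the base. */
function user_may_read(int $userId, string $path, string $baseDir): bool
{
    $relative = substr($path, strlen((string) realpath($baseDir)) + 1);
    $relative = str_replace(DIRECTORY_SEPARATOR, '/', $relative);
    return in_array($userId, ACL[$relative] ?? [], true);
}

session_start();
$userId = (int) ($_SESSION['user_id'] ?? 0);
if ($userId === 0) {
    http_response_code(403);
    exit('Log-in required');
}
$path = resolve_private_path(PRIVATE_DIR, (string) ($_GET['doc'] ?? ''));
if ($path === null || !user_may_read($userId, $path, PRIVATE_DIR)) {
    http_response_code(404);   // same answer for "missing" and "not permitted"
    exit('Not found');
}
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="'
    . addcslashes(basename($path), '"\\') . '"');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
```

Returning the same 404 for a missing file and a file the user may not read keeps the script from confirming which document names exist.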
Disaster Recovery at Server Level:
- Your hosting server uses a hardware RAID configuration of enterprise-grade hard drives, enterprise-level processors and mainboards. Should a hard drive fail, a hot-swap of the failed drive can be performed without any downtime.
- We also take weekly backups of your site, stored in another state, in case of complete data centre failure. In the event of a hacking incident that destroys both the online primary server and the online remote backup server, we store weekly backups offline (disconnected from the internet) for restoration on a fresh server if required.