Having all your church data hosted in the Cloud may sound neat, but you probably hear the stories of data breaches and far too often. Here is how we secure our systems to protect your data at every level.
As our systems are available on the internet, we take a defense in depth approach with multiple layers of controls to secure your data. Our approach covers physical, technical, procedural, and personnel security.
The UCare service and your data are hosted in secure data centers in the United States, EU, and Australia. These data centers are staffed by 24x7 armed security, surveillance, and biometric access controls. In fact, physical access to the servers that contain your data is not allowed. All data is automatically wiped from the servers before physical access is granted.
Our data centers are designed to withstand natural disasters, but if this fails, your data is replicated to a second data center in the same country. If a failure occurs, our systems detect it and switch to the secondary datacenter within seconds. Apart from GEO replication, a full backup of your data is taken every day, differential backups occur hourly, and transaction log backups every five minutes. This means that we have so many backup levels that hardware failure or natural disaster is unlikely to cause more than five minutes of downtime. You can view our system status and track record at any time at status.ucarehq.com.
Whether your data is in transit between our service and you, hosted on our infrastructure, or stored at-rest as a backup, we apply end-to-end encryption to ensure that it wouldn’t be readable even if accessed by the attacker. Your data is also never stored outside a secure datacenter and certainly not on employee’s devices. And when data needs to be accessed, it is done through encrypted, protected VPN connections to our data centers secured via multi-factor authentication and IP lock-down. Any time access occurs in this way; it is fully logged and audited.
We follow the principle of least privilege with all parts of the UCare infrastructure; this simply means we only grant the minimum level of access required to fulfill a specific role or task.
UCare processes financial transactions using third party services from Stripe. Other services providers rely on Stripe storing payment info in a PCI DSS compliant way to avoid auditing and testing their systems. While we never see or store credit card information in UCare (it goes directly to the payment service), we want to ensure that this is maintained and that our infrastructure is PCI DSS compliant. As such, each quarter, we employ third-party security experts to perform vulnerability scanning and real-world penetration testing of UCare. This testing ensures that not just financial info is secure but also the check-in details for your children.
Our engineers participate in secure code training every year. This training covers OWASP Top 10 security flaws, common attack vectors, and UCare security controls. This way, when they are crafting new or review existing features, they are continually looking for vulnerabilities. The engineers conduct threat analysis, and the QA teams review and test all code before it goes into production. Our engineers always work on new features in our test and staging environment, never in our production environment with your live data. Each environment is guarded against vulnerabilities by firewalls. Vulnerability detection tools are also continuously scanning for flaws.
We believe that security is a responsibility we share with our customers; that’s why we provide your admins with the tools they need to grant people access to just what they need. Security areas also allow you to set up different access levels; you can restrict down to the tiniest detail what information is accessible by each team and campus. When granting access, you never set a person’s password. Instead, they do it the first time they sign in, and then we store the password using a one-way cryptographic algorithm, along with rate-limiting; this helps make brute-force attacks ineffective. Finally, we avoid password options where we can, preferring multi-factor authentication that is far simpler and safer.