Security Takes All of Us
The security and privacy of your data is a shared responsibility.
Our relationship with our customers is built on trust. Protecting our customers' data is a responsibility we take very seriously. However, pastors and church leaders also bear responsibility in safekeeping data for members and the church.
People are increasingly sensitive about how their data is collected and used. The article can you help answer some basic questions, but you'll want to invest time and resources into creating a plan for your employees and volunteer leadership to follow. Please visit our legal section regularly for information about our legal policies, FAQs, and advice for security tips and best practices. If you have any other questions, please feel free to email us at risk@acst.com.
Please visit our Church Growth blog for security and privacy related articles. In particular, check out these articles:
Information Security for Staff and Volunteers,
How ACST protects your Realm ChMS data
-
Realm ChMS is hosted in Amazon Web Services ("AWS") US East 1 regional zone. The computer servers hosting Realm are implemented using AWS recommendations and industry best practice security configurations. All server configurations are extensively documented for compliance with the Payment Card Industry Data Security Standard .
We encrypt and store all client data backups in redundant cloud storage locations for backup and disaster recovery with 24x7x365 access. Cloud storage data encryption uses AES 256 bit encryption.
Each individual church's data is stored in a multi-tenant relational database. Internally, each church's data is stored in its own table. The table is indexed and accessed solely using unique ID's in the database. Any data needed is called by an algorithm call to either post data to or retrieve the data back from the database, ensuring integrity and segmentation. No data crossover is possible using this method.
Only a limited number of authorized ACST employees located in the United States are allowed access to client data.
How you can help protect your data
-
Be sure you know you can see your personal information, and update your privacy settings accordingly.
Administrators should review new account registrations daily when your church is using the open-invitation model.
-
For the best experience, we recommend that you always update your browsers, whether you're using a computer, a tablet, or a mobile device. Using outdated browsers can introduce vulnerabilities and potentially allow malware or other threat actors into your system.
Keep your operating system current and check the system requirements of the software vendors you use. If they allow operating systems that have experienced "end of life", they pose a threat to your system - even if your computers are up to date. For example, as of January 14, 2020, Microsoft stopped supporting Windows 7.
Use strong, unique passwords and don't share passwords or logins with others.
Use antivirus software and update it daily.