Security Takes All of Us
Our relationship with our customers is built on trust. Protecting our customers' data is a responsibility we take very seriously. However, pastors and church leaders also bear responsibility in safekeeping data for members and the church.
People are increasingly sensitive about how their data is collected and used. The article can help you answer some basic questions, but you'll want to invest time and resources into creating a plan for your employees and volunteer leadership to follow. Please visit our legal section regularly for information about our legal policies, FAQs, and advice for security tips and best practices. If you have any other questions, please feel free to email us at risk@acst.com.
How you can help protect your data
-
Encourage staff and members to make sure they can see personal information and update privacy settings accordingly.
-
Administrators should verify new should verify new account registrations daily. daily.
-
Always update your browsers or allow them to automatically update on all devices. Using outdated browsers can introduce vulnerabilities and potentially allow malware or other threat actors into your system.
-
Keep your operating system current and check the system requirements to make sure it's still supported.
-
Use strong, unique passwords and don't share passwords or logins with others.
-
Use trusted antivirus software and update it daily.
How ACST protects your data
- Our software solutions are hosted on major cloud providers (e.g. Amazon Web Services ("AWS") and Microsoft Azure) that offer a 99.999% reliability, with minimal downtime.
-
All server configurations are extensively documented for compliance with the Payment Card Industry Data Security Standard .
-
We encrypt and store all client data backups in redundant cloud storage locations for backup and disaster recovery with 24x7x365 access. Cloud storage data encryption uses AES 256 bit encryption.
-
Each church's data is stored in a multi-tenant relational database. Internally, each church's data is stored in its own table. Tables are indexed and accessed solely using unique ID's connected to the database. Data is retrieved or posted via API calls, ensuring integrity and segmentation. No data crossover is possible using this method.
-
A limited number of authorized ACST employees located in the United States are allowed access to client data.