Customizable Options & Secure Data
The wonders of big data go hand-in-hand with the responsibility of serious data security. We understand that the confidentiality, integrity, and availability of your data is vital to your Republican campaign’s success.
CMDI’s Compliance Services and FEC Reporting work comply with the storage requirements set by the Federal Election Commission:
- Digital images are taken of all checks for $50 or more.
- All physical documents submitted by donors are archived for three years.
- All data is backed up to tape on a rotating schedule of incremental and full backups and stored in off site in vaults for three years.
- Tapes are securely destroyed when retired.
Most security issues come from inside an organization. Crimson makes it easy for you to protect your campaign from any accidental data breaches by providing high levels of user access control. You can create custom user groups based on geography, gift amounts, or any other record attributes. Through Crimson, you can decide:
- Read access — who can see which records
- Write access — who can make changes to a record
Crimson’s “History” feature allows users to review all changes made to a record, as well as who made the changes and when they were made. This feature keeps all users accountable for their actions. You can track down unauthorized changes to your database or unauthorized data exports by seeing your users’ Crimson activities.
This feature is especially important if you find that there were mistakes made and you need to roll back a record to its pre-change status.
Crimson backup systems perform near real-time data replication between the production data center and the disaster recovery center. Replicas of your data are stored in both places, so in the event that one data center fails, your data won’t be lost. Also, all of your data is backed up to tape on a rotating schedule of incremental and full backups. Tapes are securely destroyed when retired.
Note that your data is transmitted across encrypted links and disaster recovery tests verify our projected recovery times and the integrity of the customer data.
Security Testing and Assessments
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
Our Information Security department monitors notification from various sources and alerts from internal systems to identify and manage threats.
- Perimeter firewalls and edge routers block unused protocols.
- Internal firewalls segregate traffic between the application and database tiers.
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports.
Secure Transmission and Sessions
Connection to the Crimson environment is via SSL 3.0/TLS 1.0, using global step-up certificates from Verisign, ensuring that our users have a secure connection from their browsers to Crimson. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
If you would like to learn more about our technical security for CMDI products and services, click here.