Customizable Options & Secure Data
The wonders of big data go hand-in-hand with the responsibility of serious data security. We understand that the confidentiality, integrity, and availability of your data are vital to your Republican campaign’s success.
CMDI’s Compliance Services and FEC Reporting comply with the storage requirements set by the Federal Election Commission:
- Digital images are taken of all checks for $50 or more.
- All physical documents submitted by donors are archived for three years.
- All data is backed up hourly to disks/hard drives and replicated to an off-site recovery point.
- Full backups of data are stored for 6+ months.
- Physical devices are decommissioned by a third-party service that certifies the destruction by either shredding or degaussing.
Most security issues come from inside an organization. Crimson makes it easy for you to protect your campaign from any accidental data breaches by providing high levels of user access control. You can create custom user groups based on geography, gift amounts, or any other record attributes. Through Crimson, you can decide:
- Read access — who can see which records
- Write access — who can make changes to a record
Crimson’s History feature allows users to review all changes made to a record, as well as who made the changes and when they were made. This feature keeps all users accountable for their actions. You can track down unauthorized changes to your database or unauthorized data exports by seeing your users’ Crimson activities.
This feature is especially important if you find that there were mistakes made, and you need to roll back a record.
Crimson’s backup systems take hourly snapshots of your data and replicate them in multiple locations using private links. CMDI retains several months of full data backups for all our clients using solid-state hybrid drives. Testing verifies the projected recovery times for restoring data and checks the integrity of the restored data. When physical drives are retired, all data is destroyed through a certified process from a third party.
Security Testing and Assessments
Before releasing updates or features, we test all our code for security vulnerabilities. Networks and systems are regularly scanned for vulnerabilities and assessed for risks including:
- Application vulnerability threat assessments
- Network vulnerability threat assessments
- Selected penetration testing and code review
- Security control framework review and testing
CMDI monitors notifications from alerts and internal systems to identify, manage, and block threats and external malicious sources.
- Perimeter firewalls/edge routers block unused protocols.
- Internal firewalls segregate traffic between the application and database tiers.
- Intrusion detection sensors detect and review logins to monitor for suspicious behavior.
Secure Transmission and Sessions
Connection to the Crimson environment is via TLS 1.2 using step-up certificates from GeoTrust. This ensures that there is no unencrypted traffic on the Crimson network, which browsers indicate by displaying “https” in the URL. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.