Keeping Your PAC Data Safe
Crimson’s focus on security is integral to your PAC’s success.
Crimson Security
CMDI makes every effort to ensure that your data is protected on the Crimson platform. From two-factor authentication when logging in to the multi-layered security approach at our data center, the top priority is keeping your information safe.
Best Practices in Security
Crimson for PACs keeps your fundraising and donor data secure using the standards established by the PCI Security Standards Council. When credit card numbers are received in hard-copy form, they are handled in secure and monitored environments. Physical credit card numbers are blacked out and stored safely after transactions are processed through Crimson’s integration with Anedot. Additionally, credit card numbers are never written to or stored in our software or hardware, and extensive penetration tests are conducted on our systems.
Automatic Backups & Disaster Recovery
Crimson for PACs’ backup systems take hourly snapshots of your data and replicate them to multiple locations over private links. CMDI retains several months of full data backups for all our clients on solid-state hybrid drives. Testing verifies the projected recovery times for restoring data and checks the integrity of the restored data. When physical drives are retired, all data is destroyed through a certified process from Iron Mountain.
Crimson Platform Security
Security Testing and Assessments
Before releasing updates or features, we test all our code for security vulnerabilities. Networks and systems are regularly scanned for vulnerabilities and assessed for risks including:
Application vulnerability threat assessments
Network vulnerability threat assessments
Selected penetration testing and code review
Security control framework review and testing
Security Monitoring
CMDI monitors alerts and notifications from internal systems to identify, manage, and block threats and external malicious sources.
Network Protection
Perimeter firewalls/edge routers block unused protocols.
Internal firewalls segregate traffic between the application and database tiers.
Intrusion detection sensors record and review logins, monitoring for suspicious behavior.
Secure Transmission and Sessions
Connections to the Crimson environment use TLS 1.2 with step-up certificates from GeoTrust. This ensures that there is no unencrypted traffic on the Crimson network, which browsers indicate by displaying “https” in the URL. Individual user sessions are identified and re-verified with each transaction, using a unique token created at login.
Secure Data Centers
The Crimson application and your data are maintained at a secure, offsite data center that maintains SSAE 16 Type II compliance. This top-tier data center provides carrier-level support, including:
Physical Security
24-hour manned security, including foot patrols and perimeter inspections
Biometric scanning and card readers for access
Dedicated concrete-walled data center rooms
Computing equipment in access-controlled steel cages
360-degree video surveillance throughout facility and perimeter
Tracking of asset removal
Physical Safety
Building engineered for local seismic, storm, and flood risks
Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Humidity and temperature control
Redundant (N+1) cooling systems, CPS/UPS systems, and diesel generators with on-site diesel fuel storage
Redundant power distribution units (PDUs)
VESDA (very early smoke detection apparatus)
Physical Security at CMDI
CMDI makes every effort to secure the physical premises of our office and caging facilities. These security standards include:
Separate biometric access control to enter caging facility and offices
Video surveillance throughout both the offices and caging facility
Dedicated mail intake room, opening and sorting room, document scanning room, and data entry room with their own biometric access and video surveillance
Tracking of asset removal