SBS Security

At SBS we recognize that every client’s security concerns are unique. We’re delighted to talk about security — not only because it’s a competitive advantage for us but also because we recognize its growing importance to the people and organizations that we serve.

Our security features include:

• Secured and managed infrastructure by highly trained and certified engineers
• VeriSign industry leading encryption
• Ongoing vulnerability assessments
• 24/7 monitoring and response
• Third party audits
• Microsoft, Cisco and IBM Hosting Partners
• 2 Diesel back-up generators
• SAS70 Type I and Type II auto completed
• Design and customization of forms to clients specifications
• Field tested reliable, hardened software
• Disaster recovery plan

For associations and other organizations that manage elections and member data, security is a major concern. There’s no room for error. Members simply expect that their votes will be counted and that their data will be protected. And when that doesn’t happen — when there are problems — the trust that members have in their organization can be dealt a severe blow.

So, when you manage an election or any other project involving member data, it’s important to ensure security at every phase. And it’s important to understand and receive those assurances up front — before a single vote is cast or a single megabyte of member data is released to a partner.

What should you ask? For some suggestions, we’ve reviewed the most common questions we receive from your peers — our clients who entrust us with their projects. We suggest three questions you should ask your prospective partner about securing elections and other data collection projects involving your members.

1. Explain how you will secure my member database.

It’s a big step to entrust your member database to a third party, and you need to know what happens to that data once it’s out of your hands. To understand the importance of this, one need look no further than the daily headlines for stories of lost or stolen sensitive member data.

Don’t let this happen to you. Ask your vendor to demonstrate how your database will be fully protected against loss, intrusions or hackers, or breaches of confidentiality. They should be able to describe the physical location where it will be stored, and how that location is protected by firewalls, hard pass code policies, active monitoring processes, encryption, and limited access by credentialed experts. Each step in this protection process should be documented to allow for accountability and tracing history. This allows for assurances and demonstration of accountability whenever necessary.

Our systems employ Secure Sockets Layer (SSL)/Transport Layer Security (TLS) encryption to secure traffic between client election systems and voters’ computing devices – the same encryption techniques utilized by US financial and banking institutions.

2. Explain how your digital security infrastructure will protect me.

When a vendor manages a project for you, in an election for example, the member and voting data is usually out of your hands until the results are delivered. So, it’s important to understand what’s happening at each phase of the process to ensure a flawless and fully secured project.

For example, ask the vendor to trace the paths your data will take — where it will reside, who will have access to it, and what will be done to protect it at each step. This is a 24/7/365 process, and in our opinion it is best handled by experts within an Enterprise Data Center operation. A qualified data center can provide physical security, from monitoring who is on the premises to hardware and network security. They also can manage a wide array of important operational details, from ensuring reliable power sources to climate control, connectivity and redundancy systems with both active and passive monitoring processes.

3. Explain how you will secure and verify the accuracy of my physical documents.

Much in the same way you should understand your vendor’s approach to digital security, you need to understand their approach to the physical security of anything committed to paper. You should be assured that there will be checks and balances that guarantee the integrity and accuracy of all final and certified results. Look for procedures, chain-of-custody, and accountability policies that ensure accurate results but provide defensibility in the event of any questions after the project is reported. Policies and procedures should include check-ins, daily counts (or delivered counts), and locked vaults for storing the documents — again, with limited access by credentialed staff.

Having vigorous steps such as these in place allows for results to be matched and cross-checked with the daily counts (or delivered counts) before any final and certified results are delivered. It’s crucial that the entire flow of data is tested and proven accurate. Your partner should be able to demonstrate their accuracy rates at points before, during and after the counting is done.

These steps happen at SBS because we employ staff dedicated solely to measuring and improving the accuracy of our voting processes. Always inquire about a vendor’s quality assurance staff and ask how you can reach them during the election process.