Data security is paramount these days and at Purchasing Power we take our responsibility to protect and secure our clients’ and customers’ information seriously. Further, we strive for complete transparency around our security practices. Here’s a summary of those practices:
Protecting our Clients
- Managed File Transfer: We utilize Managed File Transfer (MFT) to manage the secure transfer of data.
- Encryption Methods: We use standard encryption methods on our file transfer site. Only authorized personnel can view and handle data files in the process.
- Security Methods: We partner with a secure infrastructure company to host our data center which is fully SOC1l Type 2 compliant and uses industry standard security methods for accessing hosting sites including picture badges and fingerprint biometrics.
- Archival, Destruction and Disposal of Data: We partner with an industry-leading information management services company to securely transport physical and electronic data for archival and disposal of physical information.
- Security Services: We contract with a third party to provide intrusion detection (IDS), intrusion prevention (IPS) and security information and event monitoring (SIEM) services.
- PCI Complaint: Purchasing Power is PCI 3.2 compliant as a merchant, certified by a third-party assessor.
Protecting our Customers
- Privacy: Information collected by Purchasing Power is used for processing customer orders. Some information may be shared with their employer or sponsoring organization under circumstances as required by their program agreement. It is only shared externally with approved vendors and partners which whom we are contracted to do business, per the policies stated in our security policy.
- Information Protection: Our site is certified by a trusted certificate which is your assurance that our site is authentic and that we are employing transport layer security (TLS). For additional protection, customer account information and order history are kept behind a firewall on separate servers.
- Information Visibility: Only authorized Purchasing Power personnel are permitted access to customer account information.
- Fraud Prevention: We work with a fraud detection partner to strengthen processes, implement prevention tools and proactively detect potential fraudulent actions.