Security of your Personal Information
The ARMCO secures your personal information from unauthorized access, use, or disclosure. We are committed to the work of ensuring our business with you is secure through using a combination of our own security best practices and our vendor web host security capabilities and standards (e.g., Payment Card Industry Data Security Standard, etc.). The ARMCO uses the following methods for this purpose:
- Security Sockets Layer (SSL) Protocol
- Systems Monitoring and Auditing
- Staff Training and Review
- The ARMCO Response Program
When personal information (such as a debit or credit card number) is transmitted on or to other websites, it is protected through the use of encryption, such as the SSL protocol.
Encryption: Is the conversion of data into a form, called a cipher text, which cannot be easily understood by unauthorized people. Encrypting transactions provides security by ensuring that no portion of a transaction is readable except by the parties at each end of the transmission. This ensures that data can be transmitted securely without concern that another party could intercept all or part of the transaction. Encryption also makes certain that the transaction is not tampered with as it routes from point to point and data is received exactly as it was sent.
Systems monitoring and auditing, at The ARMCO, must be performed to determine when an implementation or failure of the information system security, or a breach of the information systems itself, has occurred, and the details of that implementation, breach, or failure. System monitoring and auditing is used to determine if appropriate or inappropriate actions have occurred within an information system. System monitoring is used to look for these actions in real time while system auditing looks for them after the fact. This security practice applies to all information systems and information system components of The ARMCO. Specifically, it includes:
- Mainframes, servers, and other devices that provide centralized computing capabilities
- Devices that provide centralized storage capabilities
- Desktops, laptops, and other devices that provide distributed computing capabilities
- Routers, switches, and other devices that provide network capabilities
- Firewall, Intrusion Detection/Prevention (IDP) sensors, authentication, and other devices that provide dedicated security capabilities
- Electronic commerce (e-commerce) devices that provide financial service security and communications capabilities
Firewall: Any hardware and/or software designed to examine network traffic using policy statements (ruleset) to block unauthorized access while permitting authorized communications to or from a network or electronic equipment. Firewall operating systems and configurations will be reviewed periodically to ensure maximum protection. An audit log will be maintained tracking all attempts to access un-configured (blocked) services. Firewalls and other access devices will be used, as needed, to limit access to sites or services that are deemed inappropriate or non-corporate in nature. Vendor hosted solution firewalls will be reviewed prior to implementation.
Authentication: Is the process of determining whether someone or something is, in fact, who or what it is declared to be. Depending on the transactions, a more stringent authentication process may be required.
Electronic commerce: Electronic financial services delivered via electronic means including, but not limited to, the Internet or other electronic delivery vehicles.
Staff receives training and reviews all procedures at least annually or as major system additions or changes are implemented. The ARMCO recognizes that e-commerce security issues change daily. New threats to security, safety, and accuracy appear daily and system vendors publish updates and patches regularly to eliminate the threat. To assist in the ongoing maintenance of key components of information system security, The ARMCO will engage, at a regularly scheduled interval, consulting and audit oversight with a nationally recognized provider in the area of e-commerce security. This vendor may also provide technical assistance as new e-commerce related features are added to the system to ensure the continued safety and security of existing systems.
The ARMCO Response Program: In the event The ARMCO staff or our vendor(s) suspects or detects unauthorized individuals have gained access to our information systems, The ARMCO will report such actions to the appropriate regulatory and law enforcement agencies according to The ARMCO’s information security response procedures.
We strive to take appropriate security measures to protect against unauthorized access to or alteration of your personal information. Unfortunately, no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, you acknowledge that: (a) there are security and privacy limitations inherent to the Internet which are beyond our control; and (b) security, integrity, and privacy of any and all information and data exchanged between you and us through this Site cannot be guaranteed.