Security is more than the underlying technology. We have policies and processes in place designed to protect our customers' best interests. Access to data and servers is only given to those with a true need for such access. We have incident response plans ready to go, train all employees in security awareness, and perform background checks during the hiring process.
Amazon Web Services
Security starts with the server infrastructure - the actual hardware and network in the data center. The SportsEngine platform runs on Amazon Web Services, the same cloud computing platform that powers Amazon.com and other major internet sites.
The SportsEngine platform takes care to encrypt sensitive data with SSL so you can rest assured that your data is safe as it travels from your computer to our servers and back. Our servers use the strongest SSL ciphers and our certificates are 2048-bit - all designed to keep your data encrypted at today's highest standards.
PCI level 1 compliance
SportsEngine has attained PCI-DSS Level 1 compliance. This is the highest level of compliance with the payment card industry’s security standards for credit card data - the same level at which banks and the largest online retailers are certified. We have been audited by an external firm and have met or exceeded all PCI Level 1 requirements.
We are very protective of our customers' data. We do not store credit card numbers anywhere. We do not give your data to any third parties.
Security is ongoing
The world of security is constantly changing. Automated tools alert us to newly discovered security vulnerabilities and we update our software promptly to get the latest security fixes. We work directly with the Amazon Web Services Security team to ensure that the SportsEngine Platform continues to operate at the highest level of security.
We train all of our developers in Secure Coding Best Practices annually. Our development process is highly focused on security. Automatic tools analyze our code daily for a wide variety of security vulnerabilities such as SQL injection and cross-site scripting. Additionally, we require a manual code review prior to introducing any new code on the SportsEngine Platform.
On the SportsEngine platform, users may have access to sensitive personal and financial information. We give customers the ability to grant and limit access through robust permission management systems.
We want to make sure that if you step away from working in SportsEngine, we help protect against unauthorized access. We take steps to automatically log users out after periods of inactivity.