Compliance

General Information

CSF International, Inc.
1629 Barber Road
Sarasota, Florida 34240-9392
United States
941-379-0881 Tel
941-371-5223 Fax
info@CSFi.com
www.csfi.com

Financials

CSF International (CSFi) is a privately-held company and as such does not publish its financials for public knowledge. CSFi maintains a D&B number (D-U-N-S #03-749-8151) where information on the company's credit history and viability may be obtained. Privately-published financials are normally generated in late January.

Disaster Recovery and Business Continuity

A full disaster recovery center is located in the Midwest part of the United States with its own telecommunications and power sources. Source code is backed up daily over a communication line and is supplemented by internal storage systems for in-house backup plus off-site storage that is more than 20 miles away from our headquarters. Disaster recovery procedures are tested on a quarterly basis to ensure correct operability. In the event of a disaster, eblast notices will be sent to our customers using our corporation's global address list. Support services will continue from the Internet using our contingency system(s). Coding services will continue after source code is restored to the new systems.

Pandemic Planning

In the event of a pandemic, systems and procedures are already in place to continue normal business operations from remote employee locations.  Business continuity methods include the use of remote login and teleconference software, internet-based web support and direct employee to employee chat mechanisms.

Escrow

Escrow services for CSFi source code are offered to each end user and managed by Iron Mountain. Periodic software deposits are made on behalf of those who subscribe to the escrow service. In the unlikely event that CSFi ceases business operations, Iron Mountain would be notified that the escrow deposits should be distributed to the subscribed end users.

Insurance

The company has property and liability insurance, for each occurrence, with the Colony Insurance Company in addition to an umbrella policy. The most recent insurance declarations page can be obtained by clicking here (requires secure access). There are currently no provisions in this insurance policy pertaining to the Fair and Accurate Credit Transactions Act (FACT) with provisions that address identity theft.

Litigation and Complaints

At the time of this publication, there were no complaints or litigation against CSF International.

Employee Screening

Employees are screened prior to their employment. Each new employee receives an employee handlbook with corporate policies and procedures that they agree to follow. As a condition of employment, each employee must provide their written acknowledgment that they agree to the policies and procedures contained in the employee handbook. Each employee must also sign a non-disclosure agrrement. In the event that an employee discontinues employment with CSFi, a checklist of departure items must be completed and signed prior to discontinuation of employment.

Operations & Control Procedures

We log and verify receipt, shipment and checkout of all transportable data media. Our programmers use version control software as an integral part of our change control process.

Security - Information

Encryption key and certificate handling is always conducted by multiple employees. Customers are instructed to send sensitive data over our encrypted FTP server and not through email. Windows updates are applied to all PCs when notified of updates. Server updates are done after the systems are fully backed up and the the updates are applied. Each user session times out after a specified period of inactivity. All email is filtered through a third party performing two virus checks and 98% of SPAM is eliminated. All desktop PCs are running anti-virus software which gets updated daily plus the installed versions of OS all have their own internal firewalls.

Security - Network

All systems that process or store sensitive data are isolated and proteced by firewalls. All external connections are also secured by firewalls. Network penetration testing is performed on a contiunous basis by our NMAP security scanner. Firewall logs are reviewed on a contiuous basis. If an intrusion is detected, the firewall sends an email alert to the company's IT manager's personal phone. In the event of an intrusion detection, client notification is not applicable as their data is not stored in our premises.

Security - Physical Premises

The premises are equipped with UPS systems to protect servers and workstations from power spikes and extended power outages. Special fire extinguishing systems are employed to retard and extinguish fire. A state-of-the-art, monitored security system with motion detectors secures the premises against unauthorized intrusion. Each employee has an individual entry code for monitoring and auditing purposes. In the event of an intrusion detection, client notification is not applicable as their data is not stored in our premises.

SAS70

As CSFi does not host or process data belonging to our customers and is not operating as a service organization, we do not participate or obtain a SAS70 audit and certification.

PA-DSS

Compliance testing for PA-DSS certification will be conducted during the 1stQ of 2010.

PCI DSS

For more information concerning PCI DSS compliance, please click here.