Compliance

Corporate Information

CSF International, Inc.
1629 Barber Road,
Sarasota, FL 34240 USA
Tel. 01 (941) 379-0881
Fax. 01 (941) 371-5223


Financials

CSF International (CSFi) is a privately-held company and as such does not publish its financials for public knowledge.


Disaster Recovery & Business Continuity

A full disaster recovery center is maintained at a remote center. In the event of a disaster, email notification will be sent to our customers using our corporation’s global address list. Support services will continue from the Internet using our contingency system(s). Coding services will continue after source code is restored to the new systems.

Download our most recent Business Continuity Plan here.


Pandemic Plan

In the event of a pandemic, normal business operations will be performed using multiple pre-established home-based remote monitoring tools. These tools enable employees to work from home, conduct conference calls and access CSF International’s internal systems for development, testing and customer support as if they were in the office. Other CSFi systems (such as web support) are Internet based and accessible through web browsers from home. Staff are also able to communicate with one another using a combination of other pre-established communication channels.


Escrow

Escrow services for CSFi source code are offered to each end user and managed by Iron Mountain. Periodic software deposits are made on behalf of those who subscribe to the escrow service. In the unlikely event that CSFi ceases business operations, Iron Mountain would be notified that the escrow deposits should be distributed to the subscribed end users.


Insurance

The company has property and liability insurance, for each occurrence, with the Colony Insurance Company in addition to an umbrella policy. The company has workers’ compensation and employers’ liability insurance through Travelers Insurance Company.


Litigation & Complaints

At the time of this publication, there were no complaints or litigation against CSF International.


Employee Screening

Employees are screened prior to their employment with CSFi. A full background check, including any criminal convictions and an OFAC/Global Terror Watchlist search, is performed by the Corra Group (www.corragroup.com). Each new employee also receives an employee handbook with corporate policies and procedures that they agree to follow. As a condition of employment, each employee must provide their written acknowledgment that they agree to the policies and procedures contained in the employee handbook and submit to the full background check. Each employee must also sign a non-disclosure agreement. In the event that an employee discontinues employment with CSFi, a checklist of departure items must be completed and signed prior to discontinuation of employment.


Operations & Control Procedures

We log and verify receipt, shipment and checkout of all transportable data media. Our programmers use version control software as an integral part of our change control process.


Security – Information

Encryption key and certificate handling is always conducted by multiple employees. Customers are instructed to send sensitive data over our encrypted FTP server and not through email. Windows updates are applied to all PCs when notified of updates. Server updates are applied after the systems are fully backed up. Each user session times out after a specified period of inactivity. All email is filtered through a third party that performs two virus checks and eliminates 98% of spam. All desktop PCs run anti-virus software that is updated daily, and the installed OS versions all have their own internal firewalls.


Security – Network

All systems that process or store sensitive data are isolated and protected by firewalls. All external connections are also secured by firewalls. Firewall logs are reviewed daily. If an intrusion is detected, the firewall sends an email alert to the company’s IT manager’s personal phone.


Security – Physical Premises

The premises are equipped with UPS systems to protect servers and workstations from power spikes and extended power outages. Special fire extinguishing systems are employed to retard and extinguish fire. A state-of-the-art, monitored security system with motion detectors secures the premises against unauthorized intrusion. Each employee has an individual entry code for monitoring and auditing purposes.


SAS70 / SSAE-16 Type II

As CSFi does not host or process data belonging to our customers and is not operating as a service organization, we do not participate in or obtain a SAS70 or SSAE-16 Type II audit and certification.


PCI SSF (S3) & PA-DSS Compliance

Compliance testing for PA-DSS certification has been completed. For more information concerning PA-DSS compliance, please click here.

Current Status

PCI S3 – CSFi expects to complete the S3 audit and compliance certification requirements in 2023 using the latest version of SWITCHWARE.

PA-DSS 3.2 – Our technical staff recently worked with the assigned PCI-QSA auditor to validate and satisfy the requirements needed for the PA-DSS version 3.2. Our validation was completed and submitted to the PCI Security Standards Council on September 24, 2018.

Download CSFi’s Attestation of Validation here.


PCI-DSS

For more information concerning PCI DSS compliance, please click here.