Security information for IT

As an information technology expert, you are familiar with cybercriminals' dangers and inadequate security measures. As a result, it makes sense that you might be a bit wary about working with a business that requires sharing sensitive financial and personal information.

Perhaps a pastor or church administrator has requested you to look at Cristo+ as a potential partner for online giving or church management software, or maybe you want to be sure that the congregation's information is safe and secure. We appreciate churches that take security as seriously as we do, regardless of the situation. This article aims to briefly review Cristo+ security procedures to persuade you that information security and safety are vital to us. With Cristo+, you may feel secure knowing that we have robust security measures to safeguard your congregation's private information. These procedures were created with confidentiality, dependability, and integrity in mind.

Cristo+ Security: How We Safeguard Your Data

Employee education

From the CEO to the members of our sales staff, every one of our employees must complete a security awareness training course when they are employed and on an annual basis after that. Additionally, our IT/Security Team offers extra training annually through company-wide meetings, team-specific seminars, and email updates.

A Committed Group

A devoted group of privacy and information security experts work with Cristo+. Our engineering and information security teams collaborate closely to share insights and best practices to maintain the security of our infrastructure and apps.

Security evaluations and testing for quality assurance. Security audits are conducted on updates and new features from conception to implementation. Before deployment, changes to our infrastructure, processes, and code base are examined for security vulnerabilities. Before our security standards accept changes, they are not delivered to production. Before being submitted for testing, the code is peer-evaluated. Code submitted for testing goes through comprehensive quality assurance testing to cut down on and remove flaws before it is released.

PCI-DSS Level 1 Service Provider Compliant

Cristo+ collaborates with PCI-certified partners and is a fully PCI-DSS Compliant Level 1 Service Provider on its own. This indicates that Cristo+ satisfies the highest security requirements for the payment card industry. Credit card firms (such as Visa, Mastercard, etc.) developed the PCI-DSS security standard due to their experiences fending off multiple security threats and protecting their customers' data. In addition, every year, a recognized external party conducts an audit of Cristo's software development standards, infrastructure, and organization as a PCI-compliant service provider.

Testing for Third-Party Penetration

As part of Cristo+'s dedication to guaranteeing the security of the data we save on the Internet, we appoint an impartial third-party company to conduct manual penetration testing of our applications in addition to our PCI audit. Manual penetration testing is more thorough than automated vulnerability scanning. It entails contracting with an outside company that uses security professionals to test our application, infrastructure, and networks. Our infrastructure is hosted by Certified Infrastructure Host Cristo+ using Amazon Web Services (AWS). AWS maintains several certifications for its data centers, including PCI-DSS Level 1, ISO 27001, and SOC2 (view the AWS Cloud Security page for more information on their security controls and certificates).

Recovery from Disaster Procedures

Customer data, code, and other elements required to launch Cristo+'s services are regularly streamed between AWS regions to further ensure the applications' availability. In addition, we periodically test our well-documented disaster recovery methods.

Systematic Monitoring

To provide a thorough overview of our security infrastructure and network, Cristo+ employs several monitoring technologies. In addition, our Site Reliability Engineering staff is available to respond at any hour of the day or week if an alarm is raised.

System for detecting fraud

Along with all of these safety precautions, we've also put in place a sophisticated fraud detection system that uses machine learning algorithms to notify our fraud investigation team of any questionable behavior on any of our platforms.

The Value of Great Security Cannot Be Measured.

As we mentioned in the introduction, cybercrimes pose significant concerns in the digital age. However, collaborating with firms that give data security and information security a high priority may allow you to lower that risk dramatically. Unfortunately, sometimes choosing the least expensive or most affordable online giving partner means putting your congregation's security at risk. In the long term, partnering with a company that cuts corners with information security costs you far more than the initial savings.

You may feel secure working with Cristo+ since we adhere to the strictest standards for internet security and are constantly looking for ways to enhance our security systems.