Outside organizations have reviewed our online security to ensure we provide our customers with the highest protection possible.
Icon Systems Security Protocol
All information transferred from your computer to our servers is submitted via industry-standard TLS encryption. Icon Systems registers its certificates with DigiCert so that your browser can verify that the certificate is valid. This means all information is sent from your computer to the servers over an encrypted connection.
The servers are placed in locked cabinets in a key card access building designed to house servers.
Data is submitted to the application servers. The application servers review the data to verify it is acceptable and execute the necessary save. Only the application servers can write to the database servers.
All database servers are placed on a local network. The database servers do not have a defined route back to the outside world. The only servers that can view the database servers are the application servers. The database servers limit which ports the application servers can access. Icon Systems does not disclose this communication process between the servers or the ports it uses.
Our company policy states that information provided to us by customers will never be shared with or sold to another company or agency unless required by law or court orders.
All servers are connected to a UPS device and use battery power. If the power goes out, the changeover is seamless so there is no temporary power flicker. The UPS devices are capable of running up to twelve hours by themselves. A diesel generator will start running within five minutes of the initial power outage and has enough fuel to keep all systems running for seven full days.
Nightly backups are created and sent over an encrypted connection to a second, fully operational hosting facility, located in a different part of the country.
Open Finance Data Security Standard (OF-DSS)
Icon Systems, Inc. passed the Open Finance Data Security Standard (OF-DSS) to enhance data security and establish a baseline set of security expectations for the participants in the Open Finance ecosystem. This data security standard establishes 63 individual security requirements across 12 control domains that address common security risks. These requirements are contextualized with implementation guides and audit steps to ensure compliance. These requirements are not intended to exhaustively address all data security risks that may be material to a particular organization. However, these requirements address security risks that are commonly encountered by emerging financial technology companies when processing or storing sensitive information.