These Internet Security Requirements (“Internet Security Requirements”) are made with reference to the ADDENDUM between TELETRACK and CLIENT. Capitalized terms used, but not otherwise defined, herein are used with the meanings assigned to such terms in the ADDENDUM. CLIENT agrees to comply with the following requirements in connection with ordering and receiving Additional Information Services through the Internet:
1. General.
a. TELETRACK will provide CLIENT subscriber codes, security digits, access codes, telephone access numbers and other proprietary information to enable CLIENT to access the Additional Information Services through the Internet (together, “TELETRACK Access Information”). TELETRACK reserves the right to change the TELETRACK Access Information (or any item or items thereof) periodically and/or at any time, effective upon notice to CLIENT.
b. For purposes of these Internet Security Requirements, the information in the Additional Information Services and the TELETRACK Access Information are sometimes referred to, together, as “TELETRACK Information.”
2. Data Security.
a. All TELETRACK Information and consumer identifying information must be encrypted as it is delivered through the Internet. 128-bit SSL/TLS or higher strength encryption is required.
b. All TELETRACK Information must be protected when stored on servers, subject to at least the following requirements:
(i) Servers storing TELETRACK Information must be separated by a firewall or other comparable method from publicly accessible web-servers;
(ii) TELETRACK Information must not be on a server that can be accessed by TCP services directly from the Internet and must not be referenced in domain name services (DNS) tables;
(iii) All security access to these servers, both physical and network, must include authentication and, in the case of network security, passwords that are changed at least once every 90 days; and
(iv) All servers must be kept current with all operating system patches, as they become available.
c. TELETRACK Information may not be shared with, or accessed by, any person other than an Authorized Employee (as defined in paragraph e. below). All transmission and/or storage of TELETRACK Information is subject to all the terms and conditions contained in these Internet Security Requirements.
d. When displaying any nonpublic information in HTML, no TELETRACK Information can be stored on the presentation server(s). CLIENT will use the presentation server(s) only to receive the HTTP services. All HTML shall be dynamically created or interpreted by the application server. The presentation server(s) shall only receive the data and process it back and forth to the application server. Data transmitted between CLIENT’s browser and the application server must not be cached, in any form, on the presentation server(s).
e. Only Authorized Employees shall have computer network or terminal or any other access to any TELETRACK Information. Authorized Employees are employees of CLIENT who have a need to access TELETRACK Information in order to carry out their official duties with CLIENT for the purposes specified in the ADDENDUM for Service. Prior to providing an Authorized Employee with access to any TELETRACK Information, CLIENT will provide the Authorized Employee with adequate training regarding the Internet Security Requirements and the Fair Credit Reporting Act (“FCRA”) and other applicable laws, and will require the Authorized Employee to agree to comply with all such requirements and laws (together, “Employee Requirements”). Without limiting the generality of the foregoing, CLIENT will inform all Authorized Employees that unauthorized access to information in Credit Reports may subject them to civil and criminal liability under the FCRA and other applicable laws, punishable by fines, imprisonment, or both. CLIENT will not add any employee as an Authorized Employee unless the employee has received the required training and has agreed to comply with the Employee Requirements.
f. CLIENT shall implement adequate security measures in order to prevent use or access of TELETRACK Information by persons other than Authorized Employees, including, without limitation, the following: (i) assigning each Authorized Employee a unique Internet identification and password (together, “Operator Passwords”), (ii) changing the Operator Passwords at least once every ninety (90) days or sooner if a specific Authorized Employee is no longer responsible for accessing TELETRACK Information or CLIENT has learned or suspects that there has been unauthorized access to an Operator Password, (iii) limiting knowledge of the TELETRACK Access Information and Operator Passwords to Authorized Employees and strictly prohibiting the sharing, disclosure, or public display of any such information, (iv) using all security features in the software and hardware used to access TELETRACK Information, (v) not transferring any hardware or software between locations without deletion of all TELETRACK Access Information and Operator Passwords, and (vi) if unauthorized access to TELETRACK Access Information is discovered or suspected, immediately notifying TELETRACK and further undertaking all remedial efforts within its power and control to cure such unauthorized access or use.
3. Network Topology.
a. CLIENT’s Internet connection must be protected with dedicated, industry-recognized firewalls that are configured and managed to adhere to industry best practices.
b. TELETRACK Information may be held only on a secure application server that can be accessed only by a secure presentation server, through one of the following methods:
(i) Dual or multiple firewall protection (preferred): This method consists of a firewall between the Internet and the presentation server(s) and another firewall between the presentation server(s) and the application server holding the TELETRACK Information. The network firewall should ensure that only the presentation server(s) is/are allowed to access the application server holding the TELETRACK Information.
(ii) Single firewall method (acceptable): When a dual firewall method is not feasible, a single firewall will provide acceptable levels of protection. The firewall should be installed between the Internet and the presentation server(s). Multiple entries to the separate presentation server(s) and the application server holding the TELETRACK Information are required. The firewall should be configured to allow only the presentation server(s) access to the application server holding TELETRACK Information.
c. All administrative access to the firewall and servers should be through a secure internal network. Remote access must be configured so that the administrator dials into a LAN, is authenticated and verified, and then is granted access to the firewall and servers from inside the network. No direct modem access should be available to the firewalls or servers.
d. No internal Internet Protocol (IP) addresses should be publicly available or natively routed to the Internet.
e. The network should not provide any access to any firewall or servers without proper strong authentication or through the firewall.
f. Any exceptions or alerts must be logged and reviewed by CLIENT and maintained for at least one (1) year for review by TELETRACK.
4. CLIENT Authentication.
a. TELETRACK will not provide any TELETRACK Information to CLIENT unless TELETRACK is able to authenticate CLIENT through a strong authentication methodology.
b. CLIENT will log each access of Additional Information Services and the identity of the specific Authorized Employee that made the access, and shall maintain such information for at least one (1) year for review by TELETRACK.
5. CLIENT Verification.
a. Once CLIENT has been authenticated as described above, TELETRACK will verify the identity of CLIENT through authentication and verification procedures that provide an acceptable level of security for access to Additional Information Services.
b. At the present time, TELETRACK requires verification through issuance by TELETRACK, and use by CLIENT, of a CLIENT User ID and password. The initial password will be issued by TELETRACK and not created by CLIENT. Passwords will have a minimum of six characters in an alphanumeric combination and will be changed at least once every ninety (90) days. Passwords and User IDs will be encrypted with 128-bit encryption.
c. The User IDs and passwords must be stored on a server protected by the security measures applicable to the TELETRACK Information.
d. CLIENT must ensure that all IDs of Authorized Employees who are no longer authorized to obtain TELETRACK Information are disabled or revoked immediately.
e. CLIENT must have procedures in place that create appropriate audit trails for all transactions.
f. TELETRACK will protect CLIENT access by timing out CLIENT after a period of inactivity not to exceed thirty (30) minutes.
6. Change of Requirements.
TELETRACK may, from time to time, change any of the requirements herein (including by imposing new requirements or procedures or modifying existing ones) by giving CLIENT written notice of the change. CLIENT will conform its systems, applications, processes, and procedures to comply with the change not later than the effective date specified by TELETRACK in the notice, or if none is specified, thirty (30) days after receipt of the notice.
7. Prohibition of Oral Modification of Requirements.
No oral modification of these requirements will be permitted, and TELETRACK must approve in writing any variance by CLIENT.
8. CLIENT Responsibility.
Compliance by CLIENT with these requirements shall not relieve CLIENT from the obligation to observe any other or further contractual, legal or regulatory requirements, nor shall TELETRACK’s review or approval of any of CLIENT’s systems, applications, processes, or procedures constitute or be deemed to constitute the assumption by TELETRACK of any responsibility or liability for compliance by CLIENT with any of the same. CLIENT shall remain solely responsible for the security of its systems and the security of all TELETRACK Information received by it from TELETRACK and for any breach of that security. TELETRACK retains the right, in its sole discretion, to withhold approval of Internet access to Additional Information Services for any reason. TELETRACK may suspend or terminate access to the TELETRACK Information at any time if TELETRACK has reason to believe that CLIENT has violated any of these Internet Security Requirements or any contractual, legal, or regulatory requirements, rules or terms. CLIENT reaffirms that it will not transmit any Additional Information Services (or information therein) through the Internet without express written permission of TELETRACK.