Data kept in a our hosted applications is secured from unauthorized access in a number of ways. Protection is provided at the hosted data center, during transmission between this data center and a client machine and in the way the data is handled on the client machine.
Transmission of data between the data center and client machine is protected using Secure Socket Layer (SSL) certificates. For extra protection, sensitive data such as passwords receive an additional level of encryption.
Access from a client machine is password protected, and the passwords must be entered each time a user logs in (each time a new session starts). Sessions time out after a period of inactivity. Session cookies do not include user names or passwords. Our hosted applications provide full support for enterprise password policies, including: strong passwords, multi-level password resets, and segmented expiry warnings.