LobbyGuard Solutions, LLC places data security and the safe storage of sensitive information as one of its top priorities. The LobbyGuard software utilizes extensive security procedures during the storage and retrieval of sensitive information. This document outlines some of the most important aspects of LobbyGuard’s data security measures.
Options for Information Capture
Visitors signing in and out of facility using a LobbyGuard product can be required to enter a number of data elements including name, photograph, and driver license scan. LobbyGuard provides its customers with configuration options to select the questions asked of information gathered from visitors and to determine the type of information to be stored in the customer’s LobbyGuard database. This flexibility means the customer decides what information is important and what information should be saved in the LobbyGuard database as part of the visitor record.
Data Transmission and Secure Storage
Transmission of all data to and from the LobbyGuard Kiosk to the customer database is via SSL (secure socket layer). Data at rest is secured via Microsoft Transparent Data Encryption (TDE) utilizing a 256-bit data encryption algorithm. For more information on Microsoft TDE visit https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/transparent-data-encryption
Location of Customer Data and Data Backup Policy
LobbyGuard provides unlimited data storage on the LobbyGuard Cloud Services platform powered by Microsoft Azure. All data is backed up daily to ensure maximum possible up-time. LobbyGuard customer information is not sold or distributed, and information can only be viewed and obtained by the customer and the LobbyGuard Support Team per the customer’s request. Customer may request a deletion of records at any time as needed.
Microsoft Azure is fully compliant with global security standards and is recognized as a leader in secure data hosting. For more information on the Azure platform and data security visit the Azure Trust Center located at https://azure.microsoft.com/en-us/overview/trusted-cloud/. Physical access control policies for the Azure facilities can be found at https://azure.microsoft.com/en-us/support/trust-center/
The offices of LobbyGuard Solutions, LLC do not contain any copies of personal data, databases or application servers. The offices are protected by 24/7/365 camera surveillance as well as after-hours proximity locks to the building and elevators. The doors to the LobbyGuard offices are further protected by key locks and access control processes.
Data Access by Customer
Data is available to the customer via LobbyGuard FrontDesk, a secure web site that requires individual user account and password for access. Customers can create as many user accounts as needed via LobbyGuard FrontDesk and can grant varying levels of data access to any given user. User Account passwords are subject to advanced standards including password length, complexity, triviality, re-use and expiration.
Data Access by LobbyGuard Solutions, LLC
All LobbyGuard User Accounts follow the Microsoft Azure standards for password complexity. Internal policy forbids sharing of login rights, user names or passwords with other employees. Neither LobbyGuard Solutions, LLC nor its employees will review clear-text records of customer data without customer request.
Account rights are provided to LobbyGuard employees based on an as-needed model that prevents access to Customer Data by employees who are not authorized and/or do not need access to such data in the carrying out roles at LobbyGuard. All account activity is logged and is reviewed monthly for detection of abuse of the above policy. Disciplinary actions against personnel who access data without authorization are in order: warning with record of warning recorded by LobbyGuard Human Resources; any subsequent breach of this policy is grounds for dismissal from the firm. Accounts are changed if and when the employee role deems such a change. Accounts are deleted prior to the employee becoming aware of termination or if the employee is moved to a role where no access to Personal Data is required as part of that role.
For additional information on LobbyGuard’s data security or other features, please visit our web site at www.lobbyguard.com or call toll-free (866) 905-6229.