The think security framework
Deploying a mixture of initiatives ensures the very best in security
think's infrastructure is housed in dedicated monitored facilities over multiple geographical locations.
- think's partitioned networks are protected by the latest firewall technology.
- All transactional data and API is encrypted at a minimum of 128 bits in messaging formats such as SSL and PGP.
- think deploys regular security patches and updates on all hardware.
- Security settings on think's hardware is tuned to ensure the appropriate level of security.
think's staff are mandated to adhere to the think security policy.
- Only think staff with appropriate security levels have access to sensitive information and data.
- Logs of staff access are maintained and review on a regular basis.
- Security audits are conducted regularly by accredited, external experts.
- Documented incident rapid response plans are in place and scenarios are run regularly.
- Regularly expiring passwords and strong password controls are required for all system administrators.
- Considered security procedures and policies are documented and reviewed regularly.
Best practice methodologies are deployed by think's software development teams.
- Storage of card information and transactional data is not permissible on local devices.
- All development must pass the strictest testing regime.
- think follows industry standard practices for security such as OWASP.
- Development for card processing software complies with the latest security standards.