Ensuring Your Security
At Idaho.gov, our technology and policies are designed to make your online transactions private and secure. Documented steps are taken to safeguard information according to established security standards and procedures and we continually evaluate the newest technology for protecting information.
Sensitive information passed in online transactions such as social security numbers, banking information, and personal data is confidential.
Whenever you see the bluebird icon on a state government online service,
the following safeguards and security criteria are in place:
- Transactions involving sensitive information occur on a secure server. You can look for the “lock” symbol at the bottom of your browser window to verify that you are on a secure server.
- Our secure socket layer (SSL) software uses strong encryption to ensure that your personal and financial information cannot be intercepted during transmission to our server.
- All information requests pass through hardware and software security firewalls.
- Communication between Idaho.gov servers/systems and State databases is passed via a secure private network.
- Encrypted personal information includes credit card numbers as well as social security numbers and banking information.
- State of the Art SSL (Secure Socket Layer) Encryption
- This enables the encryption of sensitive information during an online transaction. Information sent via SSL can no longer be read as plain text.
- Verizon Cybertrust
- Idaho.gov policies and procedures have been examined, measured and validated by Cybertrust, the global information security specialist.
Verify our Verizon Cybertrust Security certificate.
- Secure Internal Networks
- All data transferred between databases is done via secure Virtual Private Networks (VPN) to ensure that only authorized users can access the network and no one can intercept data.
- Data Storage Policies
- Idaho.gov does not store sensitive information in a way that may be retrieved or compromised. When storing this information is necessary, the strongest asynchronous encryption available is used. Without your explicit approval, your bank or credit card account number is never stored on our server any longer than necesary to complete the transaction.
- Secure Policies and Procedures
- Password and network activity audits are performed quarterly.
- Physical Location Security
- All physical locations where hardware and software are located are physically secured and only accessible by individuals with proper credentials.
- Application Security
- A software tool is employed to scan for individual application vulnerabilities.
- Payment Card Industry Data Security Standards (PCI DSS) Compliant
- Adherence to performance measurements outlined in the PCI DSS annual self evaluation, as well as submission to regular scans from Security Metrics to search for network vulnerabilities.
- Sarbanes-Oxley Compliant
- Adhere to secure change control procedures.