The purpose of this policy is to describe the measures taken to protect the assets, intellectual property and private information of the board, certificate holders, and certification candidates in the event these assets, property or information are compromised, lost or damaged. The following describes our policy and procedures regarding these matters.
Passwords
Where feasible, passwords are utilized to limit access to the information provided to us. This includes access to File Maker Pro (FMP), QuickBooks, and the networks utilized to support the virtual office arrangement.
Virus Protection
Our computers utilize AVG software for virus and firewall protection and are updated daily against new security threats.
Web Site
Our web host, Inno-Tech, backs up our web site daily and can restore lost or damaged data if needed.
Areas of the web site that are reserved for use by certificate holders and staff are password-protected and can only be accessed with the correct username and password.
No financial data is processed or recorded through the web site. Such transactions are routed through QuickBooks or PayPal, depending on the transaction type.
Financial Data
Financial data exists in paper and electronic format. Electronically, it is stored in QuickBooks, which is password-protected. Paper files are stored securely in accordance with our Record Retention policy.
Exam
Copies of the exam exist in paper and electronic format. Exam originals (paper and electronic) are kept at the BCPE office, as well as with the Chair of the Exam Development Committee. Due to the proprietary nature of the exam, copies of the exam are not stored on staff computers. Electronic copies of exam materials are protected by password.
Candidate exams are stored securely until archived onto DVD.
Back-up Procedures
The BCPE uses a separate on-site hard drive and Retrospect software to perform a daily (except Sunday) back up of FMP, the BCPE Shared Folder and Outlook Express. A complete back up of the host computer’s ‘C’ drive is performed on Saturday. The program prevents automatic write-over of the previous day’s files.
Monthly, a CD containing FMP, company financial records (QuickBooks) and portions of the Shared Folder is mailed offsite to the BCPE Secretary.
A third backup containing current applications is done every six months utilizing an external hard drive and along with a DVD of other pertinent data, is stored in a safe deposit box off site.
Old applications (those beyond the two year eligibility period) are archived onto DVD and stored both on and off-site.
Data Disposal
All data (financial, application materials, exam materials, etc.) is kept for the period of time specified in our Record Retention policy. When data exceeds the specified retention period, it is shredded by the staff and recycled.
Security
The BCPE has taken reasonable efforts to protect against the loss, misuse or alteration of the information entrusted to us. These safeguards include the use of administrative, physical and technical barriers described in this policy to prevent the loss or alteration of this data.
Changes to this Policy
The BCPE may revise this policy on occasion as warranted by the use of new technologies and/or changes in the policies and procedures described in this document. When updates are made, the revision date will be noted at the end of the document.
Questions
If you have questions about this policy or you believe the BCPE is not following the policies and procedures described in this document, please contact the BCPE at bcpehq@bcpe.org.
