
SportsSignup Data Security

Data Security

SportsSignup and our partners commit to the highest level of security available. This statement provides an overview of SportsSignup’s technology, including data security and privacy, data warehouse (data center), employee/end-user data access, server configuration/scalability, credit card transaction security, and end-user data privacy.

SportsSignup Technology

  • Web Site Security
  • Transaction Security
  • State-of-the-Art Data Center
  • SportsSignup Server Architecture and Data Model
  • SSL Data Access
  • System Scalability
  • Data Privacy

Web Site Security

It is important and expected that the link between the end user’s web browser and our web site (web server) is secure – that the information remains private and unaltered. Our application uses Secure Sockets Layer (SSL), the standard security technology for creating an encrypted link between a web server and a browser. SSL is an industry standard that uses 128-bit key encryption, and is used by millions of web sites to protect their online transactions with their customers.

In order to be able to generate an SSL link, a web server requires an SSL Certificate (X.509). Our certificate is provided by Comodo Group (www.comodogroup.com).

The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the Padlock:


(As seen by users of Internet Explorer 6.0 or 7.0)

Clicking on the Padlock displays our SSL Certificate and details. When a browser connects to a secure site, it retrieves the site's SSL Certificate and checks that it has not expired, that it has been issued by a Certification Authority the browser trusts, and that it is being used by the web site for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.

Transaction Security

When registrants use the SportsSignup system to make payment via credit card, the payment information is entered on a secure web page, using SSL encryption (see the Web Site Security section), and processed via the customer’s merchant account. Only the last four digits of the credit card number are stored in the SportsSignup system. The customer name (e.g. Springfield Soccer League) will appear on the registrant’s credit card statement.

For transactions against services rendered directly by SportsSignup (e.g. KidSafePlus Coach and Volunteer Background Check Management), payment information is entered on a secure web page, using SSL encryption (see the Web Site Security section), and processed by Authorize.Net, a leader in secure payment processing. Only the last four digits of the credit card number are stored in the SportsSignup system. A charge from www.SportsSignup.com will appear on the registrant’s credit card statement.

The SportsSignup system is PCI Compliant. SportsSignup is enrolled in Trustwave's Trusted Commerce program to validate compliance with the Payment Card Industry Data Security Standard (PCI DSS) mandated by all the major credit card associations including: American Express, Diners Club, Discover, JCB, MasterCard Worldwide, Visa, Inc. and Visa Europe.

Trustwave's Trusted Commerce℠ designation indicates that SportsSignup protects credit card and order information in accordance with payment card industry best practices.

State-of-the-Art Data Center

The SportsSignup system is delivered as software as a service (SaaS), which means it is hosted on servers and accessed over the public network. We host with Rackspace (www.rackspace.com), arguably the most reputable hosting company in the world. With the expertise of Rackspace and consulting from Trustwave (www.trustwave.com), we have maintained Payment Card Industry (PCI) compliance since 2008.

Here are some highlights of the security measures in place to protect your data:

Physical Security

  • Keycard protocols, biometric scanning protocols, and round-the-clock interior and exterior surveillance monitor access to every one of our data centers.
  • Only authorized data center personnel are granted access credentials to our data centers. No one else can enter the production area of the data center without prior clearance and an appropriate escort.
  • Every data center employee undergoes multiple and thorough background security checks before they are hired.

Precision Environment

  • Every data center's HVAC (Heating Ventilation Air Conditioning) system is N+1 redundant. This ensures that a duplicate system immediately comes online should there be an HVAC system failure.
  • Every 90 seconds, all the air in our data centers is circulated and filtered to remove dust and contaminants.
  • Our advanced fire suppression systems are designed to stop fires from spreading in the unlikely event one should occur.

Conditioned Power

  • Should a total utility power outage ever occur, all of our data centers' power systems are designed to run uninterrupted, with every server receiving conditioned UPS (Uninterruptible Power Supply) power.
  • Our UPS power subsystem is N+1 redundant, with instantaneous failover if the primary UPS fails.
  • If an extended utility power outage occurs, our routinely tested, on-site diesel generators can run indefinitely.

Core Routing Equipment

  • Only fully redundant, enterprise-class routing equipment is used in Rackspace data centers.
  • Fiber carriers enter our data centers at disparate points to guard against service failure.

Network Technicians

  • We require that the networking and security teams working in our data centers be certified. We also require that they be thoroughly experienced in managing and monitoring enterprise level networks.
  • Our Certified Network Technicians are trained to the highest industry standards.


SportsSignup Server Architecture and Data Model

SportsSignup utilizes a “web farm” – a set of identical computers that run web servers that respond to user requests. In front of the web farm is a load balancer that takes requests and distributes them to the machines in the web farm. In front of the load balancer is a firewall that protects the network – we use a Cisco ASA 5505 firewall. In front of the firewall is an intrusion detection system (IDS), which detects malicious attacks and shuts them down. We use an advanced hardware/service solution for IDS – Alert Logic Invision 1500 IDS (www.alertlogic.com) – where a service is notified when the hardware detects a potential threat, and a person determines the correct action to take.

PCI compliance dictates where the database server needs to reside in the network. Our web farm sits in a ‘demilitarized zone’ (DMZ), and our database machine sits in a private network, which cannot be accessed by the outside world. Our database is SQL Server.

SportsSignup has implemented the same multi-tenant architecture used by some of the largest SaaS companies in the world. Using this approach, our customers, or “tenants”, live in the same database. This is a common technique used when a service serves many tenants, each with a relatively light database/server demand.

The implementation of a multi-tenant architecture where tenants live in the same database requires structuring the data with tenant identifiers, and software to use the tenant identifiers to implement the cross-tenant security.
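The shared-database pattern described above can be sketched as follows. This is an added example, not SportsSignup's code: it uses an in-memory SQLite database in place of SQL Server, and the table, column and class names are hypothetical. It shows a data-access layer that attaches the tenant identifier to every statement, so a row id belonging to another tenant can be neither read nor changed.

```python
import sqlite3

# Constructed sample data: two tenants (leagues) sharing one table.
SCHEMA = """
CREATE TABLE registrations (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL, player TEXT NOT NULL);
INSERT INTO registrations (id, tenant_id, player) VALUES
    (1, 100, 'Alex (tenant 100)'),
    (2, 100, 'Sam (tenant 100)'),
    (3, 200, 'Jo (tenant 200)');
"""


class TenantScopedStore:
    """Hypothetical data-access layer bound to one tenant; every statement filters on tenant_id."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        # Assumption: tenant_id comes from the authenticated session, never from request parameters.
        self._tenant_id = tenant_id

    def list_players(self):
        rows = self._conn.execute(
            "SELECT player FROM registrations WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,),
        )
        return [r[0] for r in rows]

    def get_registration(self, reg_id):
        # A row id alone is not enough: the tenant predicate blocks cross-tenant reads.
        return self._conn.execute(
            "SELECT id, player FROM registrations WHERE id = ? AND tenant_id = ?",
            (reg_id, self._tenant_id),
        ).fetchone()

    def rename_player(self, reg_id, new_name):
        cur = self._conn.execute(
            "UPDATE registrations SET player = ? WHERE id = ? AND tenant_id = ?",
            (new_name, reg_id, self._tenant_id),
        )
        return cur.rowcount  # 0 means the row is absent or belongs to another tenant


def demo():
    """Tenant 100 lists its own rows, then tries to read and update tenant 200's row (id 3)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    store = TenantScopedStore(conn, tenant_id=100)
    return store.list_players(), store.get_registration(3), store.rename_player(3, "x")
```

A useful review check for this pattern is that no query against a tenant-owned table is issued outside such a layer, since a single statement without the tenant predicate exposes every tenant's rows.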

SSL Data Access

It is important and expected that the link between the end user’s browser and our web site (web server) is secure – that the information remains private and unaltered. Our application uses Secure Sockets Layer (SSL), the standard security technology for creating an encrypted link between a web server and a browser. SSL is an industry standard that uses 128-bit key encryption, and is used by millions of web sites to protect their online transactions with their customers.

In order to be able to generate an SSL link, a web server requires an SSL Certificate (X.509). Our certificate is provided by Comodo Group (www.comodogroup.com).

The complexities of the SSL protocol remain invisible to your customers. Instead, their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session. SportsSignup development staff access the system via a Virtual Private Network (VPN).

System Scalability

One of the advantages of cloud computing is the ability to easily scale the system to account for traffic or transactional volume. SportsSignup owns and operates multiple application (web) servers that are load balanced based on traffic demand. As our traffic volume increases, more servers can be added to accommodate the increased load. The servers all use mirrored disk technology, which creates an inherently redundant set of data as it is compiled, so data loss is not a factor. On top of that, full copies of our application and database are generated daily and kept in the secure facility. On a weekly basis, a copy of all data is encrypted and stored off-site.

Data Privacy

SportsSignup is a licensee of the TRUSTe Web Privacy Seal Program. TRUSTe is an independent organization whose mission is to build users’ trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the web site www.SportsSignup.com. Because this web site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.



Copyright ©2003-2014 League Sports Services, LLC; all rights reserved