Security

PCI Compliant

eMedEvents complies with PCI-DSS 2.0 Level 1 as both a Merchant and a Service Provider.
  • The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security.

  • Registered with both Visa and MasterCard as a PCI-compliant Service Provider.

  • Regularly audited by a Qualified Security Assessor (Coalfire, Inc.)

  • Passes internal and external application and network penetration testing performed by independent security firms.

  • Scanned daily by an Approved Scanning Vendor (ASV).

  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.

  • eMedEvents employs a cross-functional team responsible for oversight of PCI Compliance.

   

Privacy

eMedEvents maintains a comprehensive privacy program. To us, this means that although we are required by law or regulation to do certain things, we are continually evaluating whether we can and should do more.
  • We do not sell the personal information of our customers to third parties.

  • We have a full time legal and security team focused on privacy and security issues.

  • We voluntarily participate in the US-EU and US-Swiss Safe Harbor frameworks that require us to treat EU personal data with a higher standard than that required under US law.

  • You can find our privacy policy at emedevents.com/privacy/

  • PCI Attestation of Compliance (AOC) and Quarterly Scan Attestation of Compliance are both available upon request.

   

Hosting Environment

Amazon EC2 hosts eMedEvents production systems.
   

Web and Mobile Application Development

eMedEvents is committed to designing, building, and maintaining secure systems.
  • All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.

  • Regular training on Secure Coding Practices is provided. All engineers must attend training sessions.

  • No credit card information is permitted to be stored on any mobile device.

  • Use of encryption for both storage and transmission of sensitive information is regularly audited by the eMedEvents Security Team.

  • All web and mobile applications are primarily developed, tested, deployed and maintained by a full-time and in-house engineering team.

   

Encryption

eMedEvents uses strong encryption methods and key management procedures to ensure your sensitive information is protected.
  • All credit card information is encrypted with strong industry-standard cryptographic protocols such as AES and SSL while in transit through our systems.

  • eMedEvents website is accessible via a 256-bit SSL certificate issued by Digicert.

  • Credit card information is never stored after transaction authorization.

   

Our Organization

eMedEvents has taken appropriate measures to vet our employees.
  • All employees are subject to reference, education and other personnel checks. Certain employees are also subjected to detailed background checks as well.

  • eMedEvents maintains an information security training program that meets PCI-DSS standards and complies with the Massachusetts Privacy Law (201 CMR 17).

  • Knowledgeable full-time security personnel are on staff.

  • Employees have to acknowledge of their roles and responsibilities with respect to protecting user data and privacy.

   

Incident Response

While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.
  • In the event of a breach of an eMedEvents information system, we have a detailed Incident Response plan in place.

  • We have periodic testing of the Response plan.

  • eMedEvents have 24x7 monitoring of its security systems and alerts.

   

Research and Disclosure

If you discover a vulnerability with eMedEvents information systems, report it to us first!
  • Zero tolerance to anyone attempting to harm eMedEvents, it's users or customer's data.

  • Allow reasonable time for eMedEvents to resolve the issue before publishing the findings publicly.

  • Report details to contact@eMedEvents.com.

  • Check for eligibility on the Security Reporting FAQ

  • Include full details and steps to reproduce.

  • Recognition by listing on the eMedEvents Security Wall of Fame.

  • If you wish to encrypt your email, use eMedEvents Security's GPG Key.

View Conference Details