Tips: StarChapter Security Overview

Of paramount importance to us at StarChapter is that our services are highly available, secure, and perform well. StarChapter invests a lot of resources into ensuring that your data is secure.

Through StarChapter, you store personal and organization information and files, process eCommerce transactions, and collaborate with your fellow members and non-members. We are continually working on maintaining and improving our application, infrastructure, security, and processes to deliver the most reliable and secure software services available in our industry.

We manage the security of the StarChapter services on multiple levels, including physical, network, systems, application software, user account access, and personnel.

Physical Security to Datacenters

StarChapter’s servers are located in SSAE-16, formerly called SAS 70, compliant datacenters in the US. Access to these facilities is limited to authorized personnel.

These facilities provide:

  • A built-in redundancy for power, water, cooling, and internet connectivity
  • Manned and technological security systems
  • Elaborate fire protection
  • Comprehensive policies and procedures to support compliance with the SSAE-16 standard
  • Regular reviews and audits to confirm the facility complies with the SSAE-16 standard

Network and Server Security

StarChapter provides multi-functional membership software with the confidence that the service is highly available and secure. We use industry-standard network redundancy monitoring and protection, including firewall and router technologies, network intrusion detection/prevention systems, and notification alerts that allow us to detect and immediately prevent malicious activity.

Regular hotfixes and patches are applied to our servers and network equipment and expedited for the most critical security issues that affect our services. Whenever a vulnerability in software used by StarChapter, or a zero-day vulnerability, is publicly reported, immediate action is taken to mitigate any potential risks for our customers.

Regular internal network security reviews and third-party external audits are performed. StarChapter is PCI compliant and frequently reviewed to confirm our compliance.

Access to our systems is protected via IP limitations and 256-bit encryption. Individual usernames and passwords are required for all machine and data access. Strong password guidelines are in place, including complexity (symbol and case sensitivity) and minimum length requirements.

StarChapter Application Security

StarChapter uses a rapid development method for our Software Development Life Cycle (SDLC) and adheres to a strict quality assurance (QA) testing process, including extensive testing of functionality, business logic, and security vulnerabilities. Change controls are used to ensure that deployed code in the production environment has been properly reviewed.

Data Encryption in Transit

Access to the StarChapter services is via standard HTTP and HTTPS connections, depending on the function a user or visitor is trying to access. Admin access, member login, member information, secure files, and eCommerce transactions are encrypted using industry-standard 256-bit Secure Socket Layer (SSL) over HTTPS using TLS cryptographic protocols.

Tip: If you see https:// before any webpage on your organization's website, then this means the secure socket layer is on for the page.

Data Backup and Disaster Recovery

Customer data is replicated in real-time and files are replicated in near real-time. Service images are backed up and securely transferred to an offsite datacenter. Our backup and recovery process is tested on a periodic basis.

User & Member Access and Security

There are different levels of access to the StarChapter services as listed below. Each type has a unique login ID and encrypted password.

  • Primary Account Contact: User with full access to the Admin side of the StarChapter service and access to the Customer Account Portal for managing the customer’s account information with StarChapter. This user is permitted to grant access to other Admins.
  • Admin User Access: Users who administer the StarChapter service and have full or restricted access to the StarChapter Admin side.
  • Member: Users with access to the front-end of their chapter’s site to access member-only secure pages and files. They can self-manage their own member profile.
  • Corporate Member Admin: Users with access to the front-end of their chapter’s site to access member-only secure pages and files. They can self-manage their own member profile and other members’ profiles that are under their Corporate Membership.
  • Non-Member with Login: Users with access to self-manage their own profile and expedite registering for meetings/events.
  • Guest or Site Visitor: Strictly public access; no login is permitted.

Notification Procedures

In case of a data breach or discovered vulnerability, we will use our best efforts to notify affected customers so that they are aware of the issue and can take appropriate protective steps. Notification procedures include emailing customers’ primary account contacts, posting notices on our blog, and placing announcements on the Admin section of the StarChapter application.

Collective Effort

Keeping your data secure is a collective effort. Here are some steps you can take to ensure your data is secure:

  • Admin Users, Members and Non-Members should not share their own login and password.
  • Use the Admin Welcome Email or Forgot Password functions to set and reset passwords rather than sending passwords in email.
  • Passwords should be adequately difficult and changed on a periodic basis.
  • We recommend changing your password every 3 months.
  • Users and members should ensure that they have sufficient antivirus and malware protection and firewall security on their own systems.