Protecting the security and privacy of clients and customers is of utmost importance to Findlay International.  All business is conducted in compliance with applicable laws on data privacy and protection and data security.

Personal information about clients or employees is stored in RITA, which is password protected.  Only authorized staff is allowed access. Access is dependent upon the level necessary to perform job functions.  Firewalls create barriers in order to prevent unauthorized access to the network.

Hard copies of paperwork are retained in the relocation files.  Files are stored in a designated area.  The relocation file is available only to authorized Findlay International personnel.

Findlay International retains the services of suppliers and business partners on a global basis. Service partners are only provided with the necessary information to allow them to perform their contracted services. Findlay International does not provide personal data to unauthorized third parties. These policies are strictly enforced.

Findlay keeps all client data in its secure SQL Server database, which is accessible only by authorized in-house personnel.

Protecting data integrity and security is a major part of the C-TPAT program.  Findlay has met all of the Department of Homeland Security’s criteria for protecting and maintaining data security and integrity.

Findlay secures its network with filtering, port blocking, and Intrusion Detection System (IDS) structures.  The router and firewall design at Findlay mask services so as not to expose them to the outside world. The basic security configuration is set up to disallow access by default, so resources are opened up only on an as-needed basis.

The following items highlight Findlay’s security-hardening standard:

  • Patches and updates are installed on applicable servers as soon as they become available so as to keep them up-to-date
  • Services on servers are disabled unless they are necessary
  • Protocols are limited to those actually in use
  • Accounts are restricted to use least privileged status
  • Access Control Lists are used for detection and security compliance
  • Shares, ports, and registry access are kept to a minimum, used only as required
  • Auditing and logging is maintained for all servers

Additionally, Findlay employs security-hardening practices on its database servers by constraining and sanitizing input data, using type-safe SQL parameters for data access, and providing execute permission only as needed.