SES Certification Portal Security

The SES Certification Portal Development Team has made it a priority to take user and company security/privacy concerns seriously. The SES Certification Portal uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

Application & User Security


SSL/TLS Encryption: The entire SES Certification Portal is over secured, encrypted SSL/TLS connections. All communications with the website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.

User Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique passwords that must be entered each time a user logs on. The SES Certification Portal issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

User Passwords: User passwords have minimum complexity requirements. Passwords are individually salted and hashed.

Data Portability: The SES Certification Portal enables you to export your shipment data from the system in CSV format.

Firewall: restricts access to all ports except 80 (http) and 443 (https).

Physical Security


The SES Certification Portal is housed using the AWS cloud infrastructure. The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today.

AWS's world-class, highly secure data centers utilize state-of-the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24x7 by trained security guards, and access is authorized strictly on a least privileged basis. Environmental systems are designed to minimize the impact of disruptions to operations. And multiple geographic regions and Availability Zones allow you to remain resilient in the face of most failure modes, including natural disasters or system failures.

Backup Frequency


Database backups occur 3 times daily to a centralized backup system.

Handling of Security Breaches


Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if SES learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities


Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from prying eyes.

Questions?


If you have any questions about SES security practices, please email us at .

Last updated: September 15, 2013