LEGAL & UTILITY RESOURCES
ARC does not publicly disclose details of its security program - the following discussion is intended to provide only a general outline of ARC's approach. ARC welcomes in-depth discussion of security issues with interested affiliates or authenticated prospective affiliates, under protection of appropriate nondisclosure agreements.
1. Organization
Information security at ARC is the responsibility of every employee and partner, under supervision of the Chief Information Officer. A cross-functional, executive-level Security Policy Standards Committee sets and reviews security policy and goals, assigns security roles, and coordinates and reviews implementation. A separate Computer Emergency Response Team evaluates information security threats and makes recommendations to the Security Policy Standards Committee.
2. Authentication
Authentication, verifying the identity of participants in a transaction, is the foundation of information security. ARC authenticates all users, including employees, with a unique user ID, so that every activity may be traced to the individual responsible.
3. Authorization
ARC carries out authorization (the assignment of privileges to authenticated users) within each of its system components and applications. Privileges are granted only to individuals who need to use the components or applications, and are restricted to the time during which, or the events for which, the need is present. ARC maintains records of all privileges, and does not grant privileges until authorization is complete.
An ARC user may conduct financial transactions using the system only after ARC has completed an offline, person-to-person authorization to perform such transactions on behalf of their company.
4. Data Integrity
Data integrity is the assurance that the content or source of information has not been altered, for example during storage or transmission. ARC studies and follows industry best practices for the maintenance of data integrity.
5. Privacy
ARC maintains a separate Privacy Policy.
6. Logging and Auditing
Logging maintains a comprehensive record of all activities on the ARC system; auditing confirms that a series of activities occurred as described by system records. ARC business processes, both online and off, include detailed logging and auditing processes to assure reconstruction of data and events whenever necessary.
7. Non-repudiation
Non-repudiation allows either party to a transaction to prove to a third party that the sender did indeed send transaction content, and that the recipient received the same content. It requires that both parties be identified and authenticated, be authorized to perform the transaction at the time it occurred, that the transaction content remain intact throughout the process, that certain transaction information be limited to authorized users, and that the transaction information support a full audit. ARC fully supports non-repudiation of transactions among its participants.