Valuation Connect is committed to protecting both its proprietary and customer data. To do this, Valuation Connect has established a formal information security program to ensure appropriate controls are in place to safeguard sensitive data from unauthorized access or disclosure. The Valuation Connect security program is comprised of both technical and procedural controls. Valuation Connect has employed advanced next generation firewalls with Intrusion Prevention System (IPS) at the network perimeter configured in pairs for high availability. Public facing systems are segmented within a DMZ, isolated from internal systems by a pair of next generation firewalls protecting the intranet. All servers reside within either Valuation Connects primary or secondary data center. Data centers are enterprise class co-location providing air handling, power and network connectivity. Valuation Connect maintains its own cage with access controls. Datacenters maintain SOCI/II reports which Valuation Connect reviews on an annual basis. Both data centers and operational facilities provide physical security controls including, video monitoring, access controls, environmental monitoring and alerting, and visitor policy and procedures. Users are assigned a unique user name and password. Passwords are required to be complex, changed frequently and will lockout after a predetermined number of invalid attempts. User sessions are required to re-authenticate after periods of inactivity. Valuation Connect performs routine user account review to ensure appropriate entitlements and the removal of dormant accounts. All servers and workstations are built and hardened to the Valuation Connect baseline standard with servers performing a single role. Valuation Connect employs antivirus on all desktops and servers. Antivirus is centrally managed with definition updates pushed daily. Valuation Connect performs routine vulnerability scans and monthly patch management. A third party external penetration test is performed annually. Valuation Connect requires all sensitive data transmissions to be encrypted through the web (e.g. HTTPS), bulk file transfer (e.g. Secure FTP) and email transmission (e.g. TLS) using industry recognized algorithms. Sensitive data is encrypted within the database. End users are restricted from writing to USB and CD-R. Valuation Connect has deployed Security Incident Event Manager (SIEM) throughout the environment. The SIEM generates alerts which are reviewed by designated members of IT. Valuation Connect maintains an Incident Response Policy and Procedure to ensure incidents are investigated, resolved, and remediated.
Valuation Connect vendors are required to ensure its policies, procedures and technical controls are in place to ensure the connection/transfer of sensitive data remains secure and reduce risk of the transfer of malicious software into Valuation Connect. The vendor is to maintain a secure computing environment including the use of: up to date (patched) operating systems, centrally managed antivirus, user access through a proxy, and next generation firewalls at the perimeter. Access to Valuation Connect environment shall be secure using industry recognized encryption algorithm agreed upon by Valuation Connect and the vendor. The vendor shall maintain procedures to include the timely notification of employee’s change of status to Valuation Connect and periodic access reviews to address user entitlement changes. In the event of a security incident within the vendor environment, the vendor is required to notify Valuation Connect in a timely manner and to provide necessary access to system logs, user interviews and relevant information of the event in question. Users can access Support Services by contacting Mortgage Connect at 866-789-1814 x501 or by email at Techsupport@valuationconnect.com. This channel can be utilized to report technical issues, operational failures, incidents, problems, concerns and complaints.