GiveSignup is PCI-DSS Level 1 Compliant
GiveSignup has once again completed its annual third-party audit certifying compliance with the Payment Card Industry Data Security Standard (PCI-DSS). When you are using GiveSignup you can be confident that we are managing the system to the highest standards for security, high performance and availability.
Customers can access our Attestation of Compliance (AOC) document below for their own audit records.
Download the GiveSignup PCI-DSS AOC
If you are new to cybersecurity and want to learn more about the PCI standard, see our blog from last year which has more information on this important security standard.
What Every Event Director Should Do Today
Good security is multi-layered and requires vigilance from all of us to guard against bad actors. Remember that just behind your account is the personal data of your participants and the financial data for your events. To that end we have assembled the following best practices you can perform to better secure your GiveSignup data.
- Use strong passwords for your GiveSignup account. GiveSignup enforces minimum password requirements of at least 8 characters, including one uppercase letter, one lowercase letter, one number and one symbol (!@#$%^&*). You should not use easy-to-guess words, birthdates or other things tied to yourself or your company.
- You should not reuse passwords across the various web applications you use. Passwords obtained from other sites that may have been compromised can be used in a “brute force” attack to guess your password.
- You should never share accounts with other Event Directors. Each person requiring access to GiveSignup should create their own account.
- You should configure Multi-Factor Authentication (MFA) for your GiveSignup account and make it a requirement for all of your employees. If your account password is ever compromised, MFA will make it much more difficult for a bad actor to access your account. Learn more about protecting your account with Multi-Factor Authentication.
- Review who has access to your events. Go to Race or Event > Secure Access. Delete employees that no longer need access or have left your company. Dormant accounts are often a doorway for hackers to attempt to infiltrate your system.
- Apply the principle of least privilege to your event access. Go to Race or Event > Secure Access to restrict financial access or Dashboard capabilities to only those individuals who need them.
- Never collect or record credit card information from your participants directly. Everything concerning credit card data can be done electronically on GiveSignup, which has the protection required to minimize your risk.
- Educate your staff on how to identify a phishing attack or other social engineering techniques criminals use to obtain your credentials. When in doubt, go directly to www.runsignup.com, www.givesignup.org, or www.ticketsignup.io to sign into your account.
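As an added illustration (not GiveSignup's own code), the password rules and reuse warnings above expressed as a small checker you could run on a candidate password before using it. The leaked-password set and the personal terms passed in are constructed samples; the symbol set is the one listed above.

```python
import re
from datetime import date

# Symbols the stated policy accepts.
ALLOWED_SYMBOLS = "!@#$%^&*"

# Constructed sample of passwords exposed in unrelated breaches; in practice
# you would consult a breach corpus (assumption: not GiveSignup's own data).
LEAKED_PASSWORDS = {"Summer2023!", "Welcome1!", "P@ssw0rd"}


def check_password(password, personal_terms=(), leaked=LEAKED_PASSWORDS):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not any(c in ALLOWED_SYMBOLS for c in password):
        problems.append("no symbol from " + ALLOWED_SYMBOLS)
    # Names, company names and similar personal terms are easy to guess.
    lowered = password.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term '{term}'")
    # A four-digit year inside the password usually points at a birthdate.
    for year in re.findall(r"(?<!\d)(19\d\d|20\d\d)(?!\d)", password):
        if 1900 <= int(year) <= date.today().year:
            problems.append(f"contains year {year}")
    # Reusing a password that has leaked elsewhere invites credential reuse attacks.
    if password in leaked:
        problems.append("appears in a known breach list (reused password)")
    return problems


if __name__ == "__main__":
    for candidate in ("Marathon!2k", "Summer2023!", "acme1985"):
        print(candidate, "->", check_password(candidate, personal_terms=["Acme"]) or "OK")
```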