Data Center Security

• Data centers are nondescript facilities with no published address
• They are built with extensive setbacks and military grade perimeter control beams in addition to other natural boundary protection
• Physical access to the facility is strictly controlled at the perimeter and building ingress points using video surveillance and state of the art intrusion detection systems
• All authorized facility staff must pass two-factor authentication no fewer than three times to access data center floors

Network and Server Security

• All servers are located behind a Firewall
• All data communications to and from the servers use the highest-grade Extended Validation SSL Certificates from VeriSign.
• All servers are protected with Anti-Virus/Malware software
• Network traffic behind the firewall is protected from eavesdropping via network monitoring tools
• Server access by Orggit staff is protected by two-factor authentication and strong passwords
• Data center staff have no login access to the Orggit application or database servers

Orggit Account Access Controls

• Password complexity rules enforce stronger passwords
• User accounts automatically lock after three login failures
• Password reset requires client to answer randomly selected security question
• Client selects "phishing" image to protect against scams
• Configurable vault rights allow account owners to control which uses can see what
• Extended Validation from VeriSign is used to verify the legitimacy of website. In most browsers, you will see a green bar in the address bar letting you know that you are connected to the authentic Orggit website.

Data Security and Integrity

• Passwords, account numbers, phishing images and security questions are encrypted at rest
• Orggit uses AES-256 bit encryption - encryption strength so strong that it is approved by the National Security Agency of the US government for the protection of top secret government data. Essentially, your data is encrypted with a number that is so massively long, that it renders brute force attacks infeasible.
• Client information is backed up every two hours
• Backup data is kept in two geographically distinct locations for disaster recovery

Privacy Policy

• No Orggit Customer Support employees have access to your data.
• All Orggit employees have gone through thorough criminal background checks.
• Data center employees have no access to the Orggit system. Please read our Privacy Policy and Terms of Use for more details.

Protect your account

• The most effective way to protect your account is to be proactive about your password, security questions and phishing images. Do not share this information with anyone.
• Passwords should be at least 8 characters long containing both letters and numbers.
• We recommend changing your security questions, password and phishing image every 90 days. Always look for this information to be correct when logging into Orggit.