Security Policy – Roofing & Reconstruction Contractors of America, LLC

  1. Introduction

  Roofing & Reconstruction Contractors of America, LLC (hereinafter referred to as “the Company”) is committed to ensuring the security and protection of cardholder data processed during payment transactions. This security policy outlines the measures and controls in place to safeguard cardholder data, as well as the responsibilities of employees involved in payment processing.

 

  2. Payment Processing Environment
  • The Company accepts payments through various channels, including text, email, and phone.
  • We use PCI PTS-compliant payment terminals provided by Bank of America for in-person transactions.
  • Periodically, we utilize payment links sent via text messages through JobNimbus Payments for remote payments.
  • Payment gateways and processors used include JobNimbus Payments, QuickBooks, and wire transfers.
  • The Company does not store any cardholder data within its network or systems.

 

  3. Security Controls and Measures
  • All payment processing involving cardholder data is conducted verbally or through secure payment links.
  • Data transmission and storage encryption are handled by third-party payment processors, ensuring data security.
  • Physical security measures are implemented in the office, and payment terminals are located in restricted areas under camera surveillance.
  • No cardholder data is stored on any Company systems or databases.
  • User authentication and password management are handled by the IT department, ensuring proper access controls.

 

  4. Network Security
  • The network infrastructure is segmented to isolate sensitive data, keeping contacts, jobs, and payment details on different platforms.
  • The Company employs redundant firewalls to protect the network, and wireless networks are in use within the office premises.
  • Data is securely stored on cloud platforms, ensuring that cardholder data is not stored on the office networks.

 

  5. Third-Party Service Providers
  • The Company uses reputable third-party payment providers, including JobNimbus Payments, QuickBooks, and Bank of America.
  • These providers have assured PCI compliance, and their services have been vetted for security.

 

  6. Employee Training and Awareness
  • Employees involved in payment processing or data handling undergo quarterly training and weekly meetings.
  • Regular training sessions emphasize the importance of security and privacy in handling cardholder data.

 

  7. Incident Response and Breach Notification
  • In the event of a security breach, the Company promptly identifies and stops suspicious activities using monitoring tools.
  • The HR department is informed to document the breach, and a thorough assessment is conducted to determine the extent of the breach.
  • Affected parties are notified through written communication and personal phone calls, addressing the breach and mitigation efforts.

 

  8. Regular Testing and Monitoring
  • The Company regularly monitors suspicious IP addresses and activities on Google Workspace, JobNimbus Payments, and QuickBooks.
  • Vulnerability scanning and penetration testing are conducted periodically to ensure a proactive security stance.

 

  9. Policy Compliance and Enforcement
  • Non-compliance with the security policy is documented and reported to HR.
  • Employees found in violation may face immediate termination and become ineligible for rehire.

 

  10. Policy Review and Update
  • The security policy is reviewed quarterly and updated as necessary to reflect changes in technology and regulations.

 

This security policy represents the commitment of Roofing & Reconstruction Contractors of America, LLC to protect cardholder data and maintain a secure payment processing environment. Employees are expected to adhere to this policy, and any changes will be communicated to all relevant parties.