Security and Hosting Policy

Include Information about AWS / RS

Customers may not use the BookingLive Network to attempt to circumvent user authentication or security of any host, network, or account. This includes, but is not limited to, accessing data not intended for the customer, logging into a server or account the customer is not expressly authorized to access, password cracking, probing the security of other networks in search of weakness, or violation of any other organization’s security policy.
BookingLive performs server backups. However, BookingLive is not responsible for files and data residing on your account. You agree to take full responsibility for files and data transferred and to maintain all appropriate backup of files and data stored on BookingLive servers.
No third party software or applications are allowed to be hosted on BookingLive’s servers without prior written acceptance from BookingLive. This includes embedding of iframes and HTML forms.
BookingLive may deny you access to all or part of the service without notice if you engage in any conduct or activities that in its sole discretion believes violates any of the terms and conditions in this agreement. BookingLive shall have no responsibility to notify any third party providers or services, merchandise, or information, nor any responsibility for any consequences resulting from such discontinuance or lack of notification.
BookingLive agrees to contact you if there has been a security breach or attempted attack on your server.

Triple Strength Security

BookingLive host its services with its chosen Hosting Partner Rackspace.

Rackspace is a powerful, fully integrated portfolio of services, managed devices and best practices – designed to ensure the highest levels of security for customer data. Three critical security areas are covered: physical security; operational security; and system security.

Physical security includes locking down and logging all physical access to servers at data centers. Operational security involves creating business processes that follow security best practices to limit access to confidential information and maintain tight security over time. System security involves locking down customer systems from the inside, starting with hardened operating systems and up-to-date patching.

While technology alone won’t protect against all attacks, Rackspace uses the best practices in the ISO 27002 security standard and offers DDoS Mitigation Services as an addon that can be another layer of defense against DDoS attacks.

Rackspace Hosting

Servers

All our servers are data redundant, and have an excellent uptime record. Over the years we’ve established an excellent foothold in our server management expertise.

We have developed stringent procedures over the years to cope with change, and all upgrades to client systems are tested on duplicate systems before any dates are agreed for upgrades. All upgrades are done out of operational hours, with post-upgrade checklists in place to catch potential issues.

With all upgrades, support alert levels are heightened for the client, decreasing the support turnaround times they experience during times where they need assistance with their systems.

We utilize some of the most advanced technology for Internet security available today.

Fast, High Availability Hosting

To deliver maximum reliability and performance, BookingLive operates on a Rackspace network with data centers in 5 geographically diverse locations including the United States, United Kingdom and Australia. Our data centers are high-speed, redundant powered state of the art facilities.

BookingLive commits extensive resources to the security infrastructure. This includes:

Highly scalable infrastructures
Constant monitoring of production systems
Ongoing threat assessments
Rapid deployment of industry-standard security technologies

BookingLive® Security At A Glance

Physical Security

Data center access limited to Rackspace technicians
Biometric scanning for controlled data center access
Security camera monitoring at all locations
24×7 onsite staff security
Unmarked facilities to help maintain low profile
Physical security audited by an independent firm

System Security

Dedicated firewall and VPN services to help block unauthorized system access
Data protection with Rackspace managed backup solutions
Optional, dedicated intrusion detection devices to provide an additional layer of protection against unauthorized system access
Optional, Distributed Denial of Service (DDoS) mitigation services
Risk assessment and security consultation by Rackspace professional services teams
All data has daily differential daily backups, with full backups running weekly
Backups are taken during updates of sites when needed, allowing us to roll-back without significant downtime
No cardholder data is stored on servers. Our third party service providers handle payment processing and storage of cardholder data.
IP restrictions and server firewalls

Additional Protection

Servers are automatically backed up to geographically-separated sites.
Data centers implement ongoing audits, 24/7/365 monitoring and surveillance, on-site security staff, mantraps and strict access controls.
Power systems feature multiple power feeds, UPS devices and backup generators ensure continuous operation
Environmental systems have N+1 redundant configuration to ensure fault tolerance
Servers reside behind a sophisticated firewallPenetration testing performed for system security and validatio

Operational Security

Best practices used in the random generation of initial passwords
All passwords encrypted during transmission
Support-ticket history available for review
ISO17799-based policies and procedures, regularly reviewed as part of Rackspace SAS70
All employees trained on documented information security and privacy procedures
Access to confidential information restricted to authorized personnel only
Systems access logged and tracked for auditing
Secure document-destruction policies for all sensitive information
Change-management procedures
Disaster recovery and business continuity plans

Customers Can Also Benefit From (at extra cost):

Administrative auditing

Manage users, groups and access permissions. Monitor file and user activity.

Sophisticated user password policy enforcement

Manage complexity requirements, histories and forced resets.

Role-based access controls

Choose editing, viewing, previewing & uploading permissions.

AD/LDAP integration

Option for Enterprise customers over standard Box authentication. Enterprise only

Password-protection & time-based file controls

Apply passwords to shared files & folders and expiration dates for file access.

Deployment Monitoring

Servers are constantly monitored for server and database performance and page load times. Statistics are held indefinitely.

Remote Venerability Scanning

Regular PCI Compliance scans ensure PCI-DSS compliance. These scans check for known vulnerabilities and common security holes in server configurations. Scans are performed by a security compliance provider.

Security Vulnerability Reporting

Our team gives immediate attention to any report of security issues.

SSL Encryption

Optionally use SSL encryption on transfer to protect sensitive customer data.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.