Website security

Hundreds of Customers entrust Al Turathia BookStore with their personal and financial data every day, and we make it a priority to take our Customers’ security and privacy concerns seriously. We strive to ensure that Customer data is handled securely. Al Turathia BookStore uses some of the most advanced technology for Internet security that is commercially available today. This Security Statement aims to be transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Visit our privacy policy for more information on data handling.

Customer Security

  • Authentication:

    Customer data in our database is logically segregated by account-based access rules. Customer accounts have unique Customer names and passwords that must be entered each time a Customer logs on. Al Turathia BookStore issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the Customer.

  • Passwords:

    Customer application passwords have minimum complexity requirements. Passwords are individually salted and hashed.

  • Single Sign-On:

    For our Team Collaboration accounts, Al Turathia BookStore supports SAML 2.0 integration, which allows you to control access to Al Turathia BookStore across your private and work or public networks and define authentication policies for increased security.

  • Data Encryption:

    Certain sensitive Customer data, such as credit card details and account passwords, is stored in encrypted format.

  • Data Portability:

    Al Turathia BookStore enables you to export your data from our system in a variety of formats so that you can back it up, or use it with other applications.

  • Privacy:

    We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

  • Data Residency:

    All Al Turathia BookStore Customer data is stored on servers located in the United States.

Physical Security

All Al Turathia BookStore information systems and infrastructure are hosted in world-class data centres of the most secure web hosting provider, GoDaddy. These data centres include all the necessary physical security controls you would expect in a data centre these days.

 

Availability

  • Connectivity:

    Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.

  • Uptime:

    Continuous uptime monitoring, with immediate escalation to Al Turathia BookStore staff for any downtime.

  • Failover:

    Our database is replicated in real time and can fail over in less than an hour.

  • Backup Frequency:

    Backups occur daily at multiple geographically disparate sites.

Network Security

  • Testing:

    System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

  • Firewalls:

    Firewalls restrict access to all ports except 80 (HTTP) and 443 (HTTPS).

  • Access Control:

    Secure VPN, 2FA (two-factor authentication), and role-based access are enforced for systems management by authorized engineering staff.

  • Logging and Auditing:

    Central logging systems capture and archive all internal systems access including any failed authentication attempts.

  • Encryption in Transit:

    By default, our website has Transport Layer Security (TLS) enabled to encrypt respondent traffic. All other communications with the alturathia.com website are sent over TLS connections, which protect communications by using both server authentication and data encryption. This ensures that Customer data in transit is safe, secure, and available only to intended recipients. Our application endpoints are TLS only and score an “A” rating on SSL Labs’ tests. We also employ Forward Secrecy and only support strong ciphers for added privacy and security.

Vulnerability Management

  • Patching:

    Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.

  • Third Party Scans:

    Our environments are continuously scanned using best-of-breed security tools like McAfee. These tools are configured to perform application and network vulnerability assessments, which test for patch status and basic misconfigurations of systems and sites.

  • Penetration Testing:

    External organizations perform penetration tests at least annually.

  • Bug Bounty:

    We take the security of our platforms very seriously! Al Turathia BookStore runs a private bug bounty program to ensure our website pages are continuously reviewed for vulnerabilities.

Organizational & Administrative Security

  • Information Security Policies:

    We maintain internal information security policies, including incident response plans, and regularly review and update them.

  • Employee Screening:

    We perform background screening on all employees, to the extent possible within local laws.

  • Training:

    We provide security and technology use training for employees.

  • Service Providers:

    We screen our service providers and bind them under contract to appropriate confidentiality and security obligations if they deal with any Customer data.

  • Access:

    Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.

  • Audit Logging:

    We maintain and monitor audit logs on our services and systems.

Compliance and Certifications

  • PCI:

    Al Turathia BookStore is currently PCI 3.1 compliant.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Al Turathia BookStore learns of a security breach, we will notify affected Customers so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data in your own computer away from prying eyes. We offer TLS to secure the transmission of survey responses, but it is your responsibility to ensure that your data are configured to use that feature where appropriate.

Customer Requests

Due to the number of customers who use our service, specific security questions or custom security forms can only be addressed for customers with a certain volume of Customer account activity within an Al Turathia BookStore subscription.

Contact us now!

Dear valued customer, we are here to help! If you have any kind of concern about the security of your information or the use of your data, please feel free to contact us and we will be more than happy to help.