Core Valuation Management, Inc.

Software/Application/Information Security

At Core Valuation Management, we understand the importance of your information and data. We have built our services with the security of your information and data as a top priority.

We have a no compromise approach towards data security and that is why we take steps to ensure our services are compliant and we incorporate industry best-practices for security of our application.

We monitor our services and review our internal controls and security processes periodically to ensure the integrity of our Platform and security of your information. Below you will find a sampling of the controls we have put in place.

Physical Security & Redundancy

● Our servers are hosted securely at certified SSAE 16 (SOC) data centers in the United States across multiple availability zones

● The data centers have state-of-the-art security technology and 24/7 on-site security staff.

● The data centers feature multiple power paths and network connectivity to prevent outages in the event of power disruptions or natural disasters in any particular region.

Network Security & Access Control

● Full network redundancy

● Logical access controls based on least privilege. No one can access our systems without valid credentials.

● Extensive user management panel the gives the administrators full control over how users can access the system

● All communication between the users and our servers is encrypted with 128bit SSL security to prevent data theft.

● Minimum password requirements with encrypted password storage to ensure additional user account security.

Change Management

● All standard code changes are peer reviewed prior to release

● All releases undergo a QA review prior to going to production

● Changes are reviewed against company compliance, confidentiality and security requirements.

Organizational & Administrative Security

● We maintain Information Security policies, including incident response plans and regularly review and update them.

● All new hires are screened against job requirements and undergo background checks prior to being granted access to sensitive information or production systems.

● Vendors and third party providers are reviewed for compliance with security and confidentiality.

Compliance

Our software complies with applicable laws, regulations and standards, including:

● Dodd-Frank Act

● Appraiser Independence Requirements

● Uniform Standards of Professional Appraisal Practice (USPAP)

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer TLS to secure the transmission of survey responses, but it is your responsibility to ensure your password is protected.

Reporting Incidents

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if CVM learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

If you are aware of a security breach or have a concern about the confidentiality of your information it’s important that you let us know. By using the links below you can report issues, or let us know if have concerns, feedback or recommendations in regards to our services.

Click here to notify of a security breach security@cvmamc.com

Last Updated: 10/03/2017

Security Statement