Security Policy

Last Updated: January 18, 2026

Business Profit Strategies is committed to protecting cardholder data and maintaining the highest standards of security. This Security Policy outlines the measures we take to safeguard your information.

PCI DSS Compliance

Business Profit Strategies maintains compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our compliance includes:

  • Compliance Level: Level 1 Service Provider (highest level)
  • Annual Validation: Completed by Qualified Security Assessor (QSA)
  • Quarterly Scans: Vulnerability scans by Approved Scanning Vendor (ASV)
  • Last Assessment: January 2026

Encryption Methods

We employ industry-standard encryption to protect data:

  • Data in Transit: TLS 1.3 encryption for all web and API communications
  • Data at Rest: AES-256 encryption for stored sensitive data
  • Card Data: Point-to-point encryption (P2PE) for payment card transactions
  • Tokenization: Card numbers replaced with non-sensitive tokens after initial processing

Network Security

Our network infrastructure includes multiple layers of protection:

  • Enterprise-grade firewalls with intrusion detection/prevention
  • Network segmentation isolating cardholder data environments
  • 24/7 monitoring and automated threat detection
  • DDoS protection and mitigation
  • Regular penetration testing by third-party security firms

Access Controls

Strict access controls protect sensitive systems and data:

  • Principle of Least Privilege: Staff access limited to job requirements
  • Multi-Factor Authentication: Required for all system access
  • Unique IDs: Individual credentials for all personnel
  • Access Reviews: Quarterly reviews of access privileges
  • Immediate Revocation: Access removed upon employment termination

Physical Security

Our data centers and facilities are protected by:

  • 24/7 security personnel and surveillance
  • Biometric and badge access controls
  • Visitor logging and escort requirements
  • Environmental controls (fire suppression, climate control)
  • Redundant power and connectivity

Staff Training

All employees receive comprehensive security training:

  • Annual security awareness training
  • PCI DSS requirements education
  • Phishing and social engineering awareness
  • Secure coding practices (development team)
  • Incident response procedures

Breach Notification

In the event of a security incident affecting cardholder data:

  • We will notify affected parties within 72 hours of discovery
  • Card brands (Visa, Mastercard, etc.) will be notified per their requirements
  • Law enforcement will be contacted as appropriate
  • We will provide clear information about the incident and steps being taken
  • Free credit monitoring may be offered to affected individuals

To report a suspected security incident, contact us immediately at 208-280-1995 or info@bpszerofess.com.

Vulnerability Management

We maintain a proactive approach to identifying and addressing vulnerabilities:

  • Weekly automated vulnerability scans
  • Annual penetration tests by qualified third parties
  • Timely patching of systems (critical patches within 24-48 hours)
  • Secure software development lifecycle (SDLC)

Contact Security Team

For security questions or to report a concern:

Business Profit Strategies - Security

Phone: 208-280-1995

Email: info@bpszerofess.com