Welcome to the RFQs.ca, Inc. and subsidiaries Websites including RFQs.ca, collectively the "RFQs.ca" Websites. RFQs.ca provides access to its Websites to the public and members and has put in place the Security Policies noted below. By accessing, viewing, posting, using or downloading materials from these Websites, you agree to be bound by these Security Policies. If you do not agree with these Security Policies do not use these Websites.

Where RFQs.ca has provided you with a translation of the English language version of the Security Policy, then you agree that the translation is provided for your convenience only and that the English language versions of the Security Policy will govern your relationship with RFQs.ca. If there is any contradiction between what the English language version of the Security Policy says and what a translation says, then the English language version shall take precedence.

Security Measures

We know that security is crucial to you - we consider security to be a top priority. We devote significant resources to continually optimize our security infrastructure and this includes continuous monitoring and improvement.

Among other security measures, RFQs.ca provides

Experienced, professional engineers and security specialists dedicated to round-the-clock data and systems protection.

Continuous deployment of proven, up-to-date security technologies, including proprietary products developed for RFQs.ca.

Ongoing evaluation of emerging security developments and threats.

Complete redundancy throughout the entire RFQs.ca online infrastructure.

Client Auditing (Notably in the sectors of Aero-Defense).

Physical Security

Our production equipment is collocated in Geneva, Switzerland and Atlanta, USA at facilities that provide 24-hour physical security, redundant electrical generators, redundant data center air conditioners, and other backup equipment designed to keep servers continually up and running.

Perimeter Defense

The network perimeter is protected by multiple firewalls and monitored by intrusion detection systems — all sourced from industry-leading security vendors. In addition, RFQs.ca monitors and analyzes firewall logs to proactively identify security threats.

Data Encryption

To be implimented.

User Authentication

Users access RFQs.ca only with a valid email and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals. RFQs.ca website username and passwords are to be kept confidential. You may not disclose or share your email or password with any third parties.

Application Security

Our robust application security model prevents one RFQs.ca customer from accessing another's data. This security model is reapplied with every request and enforced for the entire duration of a user session.

Internal Systems Security

Inside of the perimeter firewalls, the systems are safeguarded by network address translation, port redirection and more. The specific details of these features are proprietary.

Operating System Security

RFQs.ca enforces tight operating system-level security by using a minimal number of access points to all production servers. We protect all operating system accounts with strong passwords, and production servers do not share a master password.

Database Security

Whenever possible, database access is controlled at the operating system and database connection level for additional security. Access to production databases is restricted to a limited number of points, and production databases do not share a master password database.

Third Party Caching Service

RFQs.ca Websites utilize a "best of breed" third party caching service to ensure faster load and response times of RFQs.ca web pages as well as accelerated route optimization to ensure data is served up to users in the most efficient manner possible. No proprietary user data is stored on these third party servers in the form of cached data. The elimination of the number of hops in accessing data as well as the third party vendors stringent security methods provide additional security and integrity to the RFQs.ca Websites.

Server Management Security

All data entered into the RFQs.ca sourcing application by a customer is owned by that customer. RFQs.ca employees do not have direct access to the RFQs.ca production equipment, except where necessary for system management, maintenance, monitoring, and backups. RFQs.ca does not utilize any managed service providers. The RFQs.ca systems engineering team provides all system management, maintenance, monitoring, and backups.

Reliability and Backup

All networking components, SSL accelerators, load balancers, Web servers, and application servers are configured in a redundant configuration. All customer data is stored on a database served by a database server cluster for redundancy. All customer data is stored on carrier-class disk storage using RAID disks and multiple data paths. All customer data, up to the last committed transaction, is automatically backed up to a primary tape library on a nightly basis. Backup tapes are moved to secure, fire-resistant, off-site storage on a regular basis.

Security

Our site has security measures in place to protect the loss, misuse and alteration of the information under the control of RFQs.ca. We use username and password protection for users. We have a password retrieval process for users who prove they are authorized to obtain their password, via their valid email account. Transactions involving financial data are only processed using secure server technology. All data is stored on Web and database servers that are secured from physical public access. Any use of a robot, bot, spider, or other automatic or manual device or process to monitor, copy, scrape, or otherwise unlawfully access any pages on the RFQs.ca websites will be prosecuted to the full extent under the law.

This Security Policy was last Updated in July 2009.