Customer and case-information security and privacy, along with uninterrupted operation in the wake of a significant business disruption or a disaster, are top priorities for the
AAA-ICDR. The organization has implemented best-practice policies, procedures, and technologies to help protect all case data and equipment stored and managed on the
AAA-ICDR’s technology infrastructure. The AAA-ICDR continues to invest significant resources and senior-level management in maintaining the highest caliber of data protection.

The AAA-ICDR Best Practices Guide details how to maintain cybersecurity and privacy.

Key Technology Protections

The AAA-ICDR employs several layers of advanced and best-practice protections against both external and internal cyber threats to current correspondence and stored documents. These include highly advanced firewalls to prevent access from unauthorized internet users, extensive use of encryption and security patches, and a Payment Card Industry Data Security Standard (PCI DSS) process for secure credit card payments.

The AAA-ICDR Information Security Program details the key technology protections in place. 

Disaster Recovery Plan and Business-Continuity Plan

The AAA-ICDR maintains meticulously detailed and regularly updated plans to protect its data and processes. The Disaster Recovery Plan (DRP) addresses the technology-recovery procedures and safeguards the organization has in place to deal with a loss of technology. The Business-Continuity Plan (BCP) ensures the continuation of critical business operations in the event of a significant business disruption, such as loss of people or loss of offices. The Cybersecurity Incident Response Plan (CIRP) outlines the plan and team that responds to information-security incidents.

The AAA-ICDR Business Continuity/Disaster Recovery details the key elements of the protections.

Cybersecurity-trained Staff and Panels

The AAA-ICDR requires ongoing organization-wide computer-based training in security awareness and in 2019 inaugurated a cybersecurity-training initiative for panelists. Annually, all staff members are required to acknowledge the Acceptable Use Policy, which outlines the appropriate and secure use of the AAA-ICDR’s resources and data. 

Organizational Support and Oversight

Governed by senior management, the Information Security and Privacy Committee (ISPC) sets information security and privacy policies for the organization and evaluates threats and risks on an ongoing basis. Multiple annual information security-related assessments, audits, and security tests are performed internally and by third parties.

The AAA-ICDR Information Security Program describes the organizational support and oversight.