The security and privacy of party and case information are top priorities for the American Arbitration Association® (AAA®) and its international division, the International Center for Dispute Resolution® (ICDR®). The AAA-ICDR has implemented best practice policies, technologies, and procedures to help protect its data and technology resources. The protections we have implemented apply to all case data and equipment stored and managed on the AAA’s technology infrastructure.
Security Topics
- Storing Information Securely
- Encrypting (Scrambling) Sensitive Data
- Data Hosting, Backup, and Recovery
- Employee Awareness and Compliance
Storing Information Securely
Unique usernames and passwords, along with multi-factor authentication, are required to access American Arbitration Association systems. Users only see what they have been given permission to see, given their role within the organization.
The AAA-ICDR also utilizes industry-standard firewalls (communication management computers designed to keep information secure and inaccessible to other Internet users), endpoint detection and response (antivirus software), and other related security technologies to secure our network and websites.
Encrypting (Scrambling) Sensitive Data
The AAA-ICDR web application is secured with 256-bit TLS (Transport Layer Security), which encrypts all data sent over the internet, making it unreadable if intercepted. Clients can process their own payments directly online. This process results in credit card transactions entered and processed using a third-party, industry-leading credit card processing company that is PCI DSS (Payment Card Industry Data Security Standard) compliant. No credit card information is stored on AAA-ICDR servers. Your credit card numbers and other personal information are encrypted when sent over the internet using the AAA web application.
In addition, all AAA-ICDR employee laptops are protected with full disk encryption, which guards against unauthorized access to any data on the computer if it is stolen or lost.
Data Hosting, Backup, and Recovery
The AAA-ICDR stores data in cloud-hosted US data centers, which is encrypted using AES 256. Multiple cloud locations support data availability in a disaster recovery scenario.
We run daily backups of all production data, which is stored securely in multiple locations.
Employee Awareness and Compliance
All AAA-ICDR employees are required to complete security awareness training throughout the year and are also required to acknowledge and sign an Acceptable Use Policy, which relates to the appropriate and secure use of the AAA’s resources and data, and a Confidentiality Policy, which requires case information to be kept confidential. We conduct regular audits, assessments, security tests, and scans to ensure compliance with security related polices.