Security Policy

This page covers Act&Match webinar service subcontractor’s advanced security features.

Introduction

Act&Match webinar service subcontractor is an easy-to-use SaaS webinar platform used worldwide. It was built using highend technology, with data security as the highest priority. The platform meets stringent security requirements in the design, deployment, and maintenance of its network, platform, and applications. Businesses and government agencies can use Act&Match webinar service provider routinely and effectively, secure in the knowledge that their sessions are safe and private.

Role-based security features

Each user is assigned an application-defined role, so account owners can enforce company access policies related to service and feature use.

Host privileges

Hosts have the top level of webinar control and can grant and revoke various privileges for participants. Host capabilities include the following: Invite attendees before or during the webinar, so only authorized participants can join the webinar. View an attendee list showing current roles and privileges. Start and end the webinar, to prevent others from disrupting it. Make any attendee an active presenter. Allow or disallow the use of chat by attendees. Disconnect or log out attendees. Transfer the host role to another attendee so the webinar can continue if the host must leave. (Once an attendee becomes a host, this privilege cannot be revoked.)

Presenter privileges

A presenter shares content with the attendees. Any webinar attendee may be granted the role of active presenter. Presenters have the following capabilities: Upload chosen documents to a webinar room and show them to attendees, without displaying all your files and folders from your computer. Grant or revoke remote keyboard and mouse control to another attendee, to facilitate efficient communication through desktop interaction. Designate an attendee as a presenter, allowing a flexible, dynamic flow. The difference between Host and Presenter is that the Host has the ultimate control over the account panel and webinar room. He can invite attendees, presenters, schedule and run webinars or online meetings, and control attendees data and billing details. Presenter, however, can only run an event (after being designated by a Host), with no access to the account panel or billing details.

Attendee privileges

Users with the attendee role have the following privileges: Join any webinar they’ve been invited to. View the presentation content unless the presenter has paused or disabled it. If granted, remotely control the presenter’s keyboard and mouse. (Remote control privileges are automatically revoked whenever the presenter moves his mouse.) Use chat to send text messages to all other attendees. (Chat may be disabled or moderated by the host or presenter.) Leave a webinar at any time.

With basic access rights and privileges on assigned roles, webinars have the flexibility to facilitate interaction between attendees without compromising control or visibility. Hosts can easily add attendees or change the presenter as needed throughout the webinar. Presenters remain in complete control of their desktops, and hosts have everything required to manage the webinar effectively.

Multi-user privileges

The multi-user feature allows you to have multiple users on the same account. With the multi-user feature, the account owner can: Enable co-workers, employees, or contractors to log into the account using their own credentials. Enable multiple users to create and host many events under one account. Grant access to selected employees while staying in control of the company account. Ensure the consistency of account credentials and avoid unexpected password changes. Control the brand consistency in all customizable elements created by other users. Retain sole control of billing decisions to get the company invoices under control. Multi-user limitations: Multiple users of the company webinar account are not allowed to host more than one event at the same time. To be able to do that, the account owner needs to purchase an Additional Room Session in the account add-ons. Multiple users cannot handle company invoices on their own. To empower a user with privacy and more independence, the account owner needs to purchase a subaccount (or multiple subaccounts). Each person gets their own storage space and recording time allowances. They can also keep their files and information private.

Secured Data Centers 

Act&Match webinar service subcontractor servers operate using a cloud-based infrastructure. The network includes servers in the following locations: North America: Washington, DC, Virginia, Texas, California, Pennsylvania Europe: Poland, Netherlands, Russia, Ireland, Germany Asia: Singapore South America: Sao Paulo Australia: Sydney Data center personnel are available 24/7 to provide logistical security and operational support.

Security Personnel

Act&Match webinar service subcontractor has a dedicated security department that recommends and implements security procedures for services and business operations. Their dedicated security department recommends and implements security procedures for services and business operations. Highly qualified security personnel receive ongoing training in all aspects of security to remain at the forefront of security innovation and meet the criteria for security accreditations. Management of security-related features covers: Account management User account-management actions Account creation Security policy Account passwords Strong account-password criteria Webinar passwords – a host can set a webinar password and optionally choose to include or exclude the password in the webinar invitation email.

Webinar room and account security features

Role-based authorization depends on the ability to correctly identify and authenticate every user. Act&Match webinar service subcontractor uses robust account and webinar authentication features to verify the identity of each host, presenter, and attendee.

Website account login

To access an account on the Act&Match webinar service subcontractor website, users must provide a valid email address and user account password. Passwords must consist of at least eight characters and include letters, numbers and non-alphanumeric characters. Passwords stored in the service database are encrypted with salted SHA1 and checked using a cryptographically secured verifier that is highly resistant to dictionary attacks.

Authentication of webinar attendees

Act&Match webinar service subcontractor provides the following types of access to webinars: Password protected – one webinar password for all attendees. Token protected – 6-Character password (digits and/or letters) generated by Act&Match webinar service subcontractor and unique for each participant. Registration with manual confirmation – Host approves or declines each registration. Webinar link is sent only to approved participants.

Encryption Technologies/TCP layer security

Data is transported from the client to the cloud-based server using 256 bit Secure Socket Layer Secured by RSA 2048 bits certificate (SHA256withRSA). Act&Match webinar service subcontractor provides the following encryption mechanisms:

Protocols
TLS 1.2 ________________________________ Yes
TLS 1.1 ________________________________ Yes
TLS 1.0 ________________________________ No
SSL 3 ________________________________ No
SSL 3 ________________________________ No

Security standards

Act&Match webinar service subcontractor is compatible with world standards for cryptographic algorithms and security protocols for secure services: TLS/SSL Protocol, Version 1.0 IETF RFC 2246 RSA, PKCS #1 SHA-1, FIPS 180-1 HMAC-SHA-1, IETF RFC 2104 Advanced Encryption Standard (AES), FIPS 197 MD5, IETF RFC 1321 Pseudorandom Number Generation, ANSI X9.62 and FIPS 140-2 AES Cipher suites for TLS, IETF RFC 3268
Act&Match webinar service subcontractor holds compliance certificate PCI Data Security Standard v 3.2

Security and risk management

Act&Match webinar service subcontractor is compliant with many security specifications and standards. The company develops and implements best practices, models and standards regarding operating, monitoring, reviewing, maintaining and improving the information security management systems. define a security policy define a scope of the information security management system conduct a risk assessment regularly manage human resources security plan objectives and controls to be implemented manage assets manage physical and environment access manage communications and operation manage information security incidents performs security scans every quarter

Last update : 23/08/2018.