From our extensive experience we find the following may be helpful
- Do I need to upgrade my computer system?
- How do we Subscribe to ChurchWorks?
- How many users can we have?
- Is my data secure?
- Is our data backed up?
- Is our data protected from computer viruses?
- What about PCI-DSS compliance?
- What about Privacy?
- What does Hosted mean? Do we have to install anything?
- What happens when I need a bigger database?
- What if we decide ChurchWorks isn’t for us?
- What is a Security Certificate (SSL)?
- Where is our data held?
Do I need to upgrade my computer system?
You don’t need to upgrade your computer system, provided you can connect to the internet you can use ChurchWorks. ChurchWorks has been specially designed to work with any internet connection (including dial up) meaning your team will be able to log on regardless of slower home connections. Better yet, ChurchWorks is hosted so you don’t need to install anything on your local machine or server.
How do we Subscribe to ChurchWorks?
Simply click on the big SIGN UP button on any of our pages or click this link to be taken to the sign up page
How many users can we have?
There’s no limit to the number of people you can have using ChurchWorks at any one time so if you’re a team of two or 2000 we’ve got you covered.
Is my data secure?
ChurchWorks takes the security of your data seriously. We have put a number of security measures in place to help guard your data.
Aside from only using the most reputable data centres, we ensure the security of your data by employing industry standard methods as follows:
We encourage our clients to make use of Security Certificates (see below) to protect their data between the browser and the server.
We employ services such as the ‘ScanAlert’ monitoring service to constantly monitor our servers for security weaknesses.
All passwords on the server are encrypted within the database.
Our services are consistently monitored for service interruption or failures.
Is our data backed up?
Our backup & redundancy procedures protect your data in two different ways. Firstly, all database content (that means ALL your data) is replicated in real time to a separate server. This ensures that in the event of a hardware failure on the primary server, all your data is safe – right up to the minute.
We then run a nightly incremental backup routine, with full backups each week and each month. Backups are stored in two locations, as per industry standards.
Our redundancy infrastructure is designed to ensure that in the event of a complete failure of a server, all ChurchWorks sites on that server should be running again within 1 to 2 hours with no data loss.
Is our data protected from computer viruses?
At ChurchWorks we do our best to mitigate the risk of infection from Viruses and other malicious attacks. Our ChurchWorks servers have strong firewalls in place to protect our code and hosted data. One way viruses are spread is through infected or malicious files. ChurchWorks contains file upload functionality so your users can upload MP3s and other files.
ChurchWorks does not execute or run these files and so there is no risk to ChurchWorks servers from these files. If however, a malicious file was uploaded then those who download the file would be at risk.
We also encourage you to have Proper Use policies in place within your church, and it is good practice for all computer users to run anti virus software on their own…
What about PCI-DSS compliance?
The payment gatwayes which we support are all PCI-DSS compliant and the ChurchWorks application doens't actually store credit card information itself.
There are 12 major checkpoints set out by the Payment Card Industry (PCI) which you need to pass in order to become PCI-DSS certified.
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
- Restrict access to cardholder data by business need to know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
- Maintain a policy that addresses information security
Your data is handled in by 3 organisations, all of whom must be PCI-DSS compliant, your church, ChurchWorks and your payment gateway.
ChurchWorks is currently in the process of becoming certified and all of the payment gateways we support are PCI-DSS compliant.
Paypoint have partnered with Trustwave to help you as a merchant achieve and maintain PCI-DSS compliance. More info about Trustwave: http://www.paypoint.net/services/risk-pci/pci-trustwave
What about Privacy?
ChurchWorks takes the security of your data very seriously. We will not sell or pass on your data to anyone without your specific instruction.
From time to time ChurchWorks staff or agents may be required to access your church’s data, but this will only be in specific circumstances, for example in answering a support ticket, performing a system upgrade or running data maintenance tasks, or providing an extra service such as address validation. Beyond these limited set of circumstances, it is our policy not to access or review your data.
What does Hosted mean? Do we have to install anything?
ChurchWorks is hosted, which means, both the ChurchWorks application and your data sit on the ChurchWorks Server. There is no need to install any software on your computer. It’s a bit like online banking in that you simply type in your special ChurchWorks address then enter your user name and password to log in.
What happens when I need a bigger database?
ChurchWorks easily scales to fit you. You can start from just 250 people right up into the tens of thousands. When you near capacity ChurchWorks will give you a message and you can simply upgrade to the next level.
What if we decide ChurchWorks isn’t for us?
Of course we work very hard to make sure you love ChurchWorks however if you find it is not for you then you can cancel your subscription at any time. Any unused time during the month you cancel is non refundable.
What is a Security Certificate (SSL)?
SSL is an integral part of most web browsers and web servers and makes use of the public-and-private key system which encrypts and protects your data. In order to make an SSL connection, the SSL protocol requires that a server should have a digital certificate installed. A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established.
Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. The “signer” of a certificate is known as a Certification Authority (CA), such as Thawte or Verisign.
Where is our data held?
Like many internet businesses, we make use of dedicated data centres to house our servers. This provides us the ability to offer servers in different regions in order to bring the best performance to our client churches.
We choose our data centres very carefully, making sure that we get the maximum in security and support to ensure the performance of our system, and the safety of your data.
We currently have servers located in the USA, the United Kingdom and South Africa. Your data will sit on the server most appropriate to your location, based on ensuring we comply with any privacy requirements, and ensuring you receive the best performance possible.