Data Privacy and Security
As a leading provider of online services, J. J. Keller & Associates, Inc.® is committed to protecting the privacy, security, integrity and availability of your data by implementing appropriate, industry-recommended administrative, technical, and physical safeguards. The following outlines how we accomplish this.

Administrative Safeguards
J. J. Keller regularly examines its environment and administrative activities to identify potential security risks and evaluate the likelihood and impact of those risks on customers and customers' data. Appropriate safeguards are implemented to address or minimize any identified risks.

J. J. Keller's Technology Services – Workplace Safety team has a designated security official, who is responsible for developing and implementing its security policies and procedures.

Established policies and procedures allow your data to be accessed only by authorized personnel, and only when such access is necessary to perform their job duties.

All members of J. J. Keller's Technology Services – Workplace Safety team receive training on our security policies and procedures upon hire. Refresher training is conducted periodically or when procedures are updated. Team members are required to sign a confidentiality agreement where they agree to keep all customer data confidential and secure and only access and use such customer data as needed to perform necessary activities on behalf of J. J. Keller. No disclosure of information is made to others inside or outside of J. J. Keller except to accomplish such activities or as required by law.

If J. J. Keller becomes aware of a security breach that affects KellerOnline®, customers shall be notified and reasonable steps shall be taken to mitigate the breach and damage caused by the breach, in accordance with all applicable state and/or federal law.

KellerOnline® uses IBM and other third party service providers to conduct periodic audits of our security procedures and systems. The audits provide an additional check of our systems to ensure that system security is maintained at the highest level. If any third party service provider receives access to any customer data, that service provider must first agree to maintain the security, privacy and integrity of any customer data in the manner consistent with J. J. Keller's policies and procedures.

Physical Safeguards
KellerOnline® servers are located in a secure, state-of-the-art Internet hosting facility. The servers are monitored 24 hours a day, seven days a week for any signs of technical problems, malicious activity (including intrusion detection), and site availability. Access to the data on these servers is limited to a small group of authorized J. J. Keller staff only. Our hosting facility is SSAE 16 (replaces SAS 70) certified.

KellerOnline® utilizes a redundant server infrastructure with website traffic balanced across the infrastructure. In the event of a hardware failure, traffic will automatically be routed to another server.

Backups of all servers are created on a daily basis to protect your data in the unlikely event of a hardware failure. A stringent schedule of preventative maintenance is followed to minimize this risk. Backup files are encrypted and stored at a secure, offsite location. In addition, we maintain a fully functional backup site at another location to protect against data loss in the event of a physical disaster (fire, flood, etc.). The backup site servers are hosted by the same company as our primary servers and subject to the same security protections.

Workstations are required to be locked at all times when unattended. Sensitive customer information, when used to perform necessary job functions, is stored securely when not in use and appropriately disposed of after the necessary tasks have been completed.

Customer data is not allowed to leave J. J. Keller premises.

Technical Safeguards
User passwords are encrypted to prevent unauthorized access. The best way to secure your information is to protect your user name and password. Without your user name and password, another user cannot gain access to any of the records you have created in the KellerOnline® service. We strongly suggest that you change your password on a regular basis and keep it confidential at all times. As described in the Personal License for the KellerOnline® service, "You may not allow others to access KellerOnline® using your Personal License Password or User Name".

If you are a part of a group in KellerOnline®, the other members within your group will be able to view and/or edit the records in your company's account. Access to your group is controlled by your company Administrator.

System controls are in place preventing access to your KellerOnline® data, except for those J. J. Keller personnel who are specifically authorized as part of their job duties.

KellerOnline® utilizes several layers of data encryption. Data residing within the KellerOnline® database (data at rest) is encrypted utilizing 256 bit AES. Data transferred to the customer via the KellerOnline® web pages (data in motion) utilizes 128-bit SSL encryption. This is the level used by most banks and other sites where a secure environment is necessary.

Secure Sockets Layer (SSL) protects data transferred over http using encryption enabled by the KellerOnline® server's SSL Certificate. An SSL Certificate contains a public key and a private key. A public key is used to encrypt information and a private key is used to decipher it. When your browser points to KellerOnline® (a secured domain), SSL authenticates the server (KellerOnline®) and the client (your browser) and establishes an encryption method and a unique session key. This begins a secure session that guarantees message privacy and message integrity.

Our virus scanning software is updated on a daily basis to ensure that we have the highest protection available. All site traffic is scanned as it enters or leaves the site.

Remote Computer Access
With your permission, a member of our support team will use our live remote-assistance tool (GoToAssist™), to view your desktop and control of your mouse and keyboard to help resolve your technical issue. Once the session is closed, the GoToAssist™ access cookie is removed and we no longer have access to your computer.

Copyright 2019 J. J. Keller & Associates, Inc. All rights reserved.