Infrastructure

FIS has a fully redundant global infrastructure in place to ensure maximum network and system availability to our customers and consumers.

Our resilient network includes:

• Multiple Points of Presence (PoPs) within the US and the UK
• Fail Safe architecture with multiple levels of equipment redundancy through different carriers and geographic routing
• International Private Line Circuits (IPLCs) provisioned with diverse carriers via diverse undersea cable paths in the Atlantic and Pacific Oceans
• Robust WAN diversity across all cable routes on SMW3-Atlantic, SMW3-Pacific, Safe Pacific, SMW2-Atlantic, Flat Atlantic &I21
• Diversity in carriers (AT&T and MCI)
• Self-healing sonnet & OC-12 rings on US & Indian networks

Business Continuity Practice

FIS maintains a comprehensive Business Continuity Program that ensures our production environment is resilient and capable of maintaining system availability. The FIS Business Continuity Program (BCP) goes beyond the traditional disaster recovery plan that focuses only on facilities and/or computer technology. An important feature of our BCP includes our Global Delivery Framework which includes operations centers in the US, India and Canada.  The benefit of this global infrastructure is that our US and international sites have the ability to act as back-up sites for each other.

Our business continuity strategy is based on regular assessments of all business and operations centers. An annual Business Impact Analysis (BIA) is conducted by external firm to audit the continuity practices associated with product, platform, function, and service including customer service level requirements and any federal laws and regulations that govern the industries we serve.

In summary, business continuity begins with a focus on high system availability as the first line of risk avoidance and follows through with disaster recovery support. In the event of a disaster, the recovery strategy is to employ a combination of redundant and fail-over hardware platforms, located in an unaffected FIS facility, and/or hot site recovery facilities. FIS continues to focus on system availability and harden the daily processing environment which by default strengthens our business continuity plan. Even though we cannot avoid some disasters, FIS’ aggressive planning and testing will greatly minimize the impact.

Security Practices

FIS’ security practices are second nature. We are a US-based corporation, bound by some of the most stringent security and data privacy laws and practices in the world. FIS is ISO 27001, BS7799-2:2002 certified and has significant experience related to regulatory compliance as evidenced by our current compliance under Sarbanes-Oxley, FCRA, USA Patriot Act, SEC, GLBA and FDCPA, among others.

FIS has a dedicated security division whose mission is to create, monitor, and enforce the administrative, physical and technical controls for FIS that ensure the secure conduct of transactions for our customers.

In addition to stringent implementation of US laws on security and data privacy, FIS Global Solutions has deployed several security measures at the application and network level to further protect our customer’s data and that of the end consumer at all levels.

At the application and data level, the security measures include encryption of data both in-flight and at rest during the processing cycle, and segregation of data elements during the data capture process which prevents any single user from having access to complete contextual information. FIS Global Solutions also captures and encrypts inbound voice data for screening purposes.

At the network level, FIS has deployed a two-factor authentication for administrative control of routers, switches and firewalls, and supports at least 128-bit encryption for connecting from customer LAN to the production backbone.  Firewalls and other critical network security elements have redundancy and load balancing capability. The FIS network is also audited for compliance with Statement on Auditing Standards No. 70, Service Organizations (SAS 70), enabling us to disclose our control activities and processes in a uniform reporting format.