Security Policy
The State of Rhode Island and RI.gov take Internet security very seriously. Our technology and policies are designed to make your online transactions safe, private and secure. Rigorous policies and procedures are utilized to safeguard your personal information, such as social security numbers, financial information and personal data.
- Secure Socket Layer (SSL) Encryption - This enables the encryption of sensitive information during an online transaction. SSL encryption protects the information you submit from being viewed by unauthorized parties while the information travels through the Internet.
- Yearly Security Assessment - Annually, RI.gov policies and procedures are examined, measured and validated by a third-party company specializing in cyber security utilizing standards and best practices as set forth by the National Institute of Standards and Technology (NIST).
- RI.gov Security - Hardware and software that controls the data entering and leaving the RI.gov network are configured and regularly updated to provide the highest level of protection.
- Secure Internal Networks - Internal networks are securely connected, segmented and protected
using the principle of least privilege to be sure that only authorized users can access specific network resources and data.
- Data Storage Policies - Unless necessary, RI.gov does not store sensitive personal or financial information. If storage is required, the information is stored in an encrypted form and then promptly destroyed once its business need is served.
- Physical Location Security - All physical locations where hardware and software are located are physically secured and only accessible by individuals with proper credentials.
- Payment Card Industry Data Security Standards (PCI DSS) Compliant - Adherence to performance measurements outlined in the PCI DSS annual self-evaluation, as well as submission to regular scans from an external third-party auditing service to search for network vulnerabilities.
- Application Security - All Web applications are regularly scanned to locate potential vulnerabilities.
- Sarbanes-Oxley Compliant - Adhere to secure change control procedures.
- The State of Rhode Island and RI.gov work hard to protect your personal information while you do business with government online.
For site security purposes and to ensure that WWW service remains available to all users, the State of Rhode Island computer system employs software programs which can monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Unauthorized attempts to upload information or change information on this service are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and the National Information Infrastructure Protection Act. The State of Rhode Island website content materials are provided for public use on computer systems located within the State of Rhode Island and for the use and benefit of citizens of Rhode Island and others. Any person choosing to use this system or seeking access to information or materials on this system is subject to Rhode Island jurisdiction. Any dispute arising therefrom shall be decided under the laws and in the courts of Rhode Island.