Security practices and procedures at Team Sports Admin
Security here at Team Sports Admin is not taken lightly. Below, we'll outline both the physical and technical procedures we use to ensure your data is kept safe.
PCI compliance
The Payment Card Industry Data Security Standards (PCI DSS, or more commonly, PCI) is a set of standards set forth by the four major card associations to protect cardholder data. All merchants and processors need to have physical, electronic, and procedural controls in place to ensure that cardholder data is stored and handled securely at all times.
Team Sports Admin is a PCI Level 3 compliant merchant.
This means we process between 20,000 and 1,000,000 payments annually.
Our payment processor, Stripe, is one of the largest, most advanced payment processors in the world. They handle payment processing for services like Amazon, Lyft, Zoom, Slack, Google and many more. Stripe is a certified "PCI Service Provider Level 1" payment processor.
Technical security and encryption
Whenever your data is in transit between you and Team Sports Admin, everything is sent encrypted over HTTPS, and our databases utilize encryption at rest.
On the infrastructure side, Team Sports Admin is built on Amazon Web Service (AWS) using a cloud native architecture. The AWS infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today, engineered to support the biggest companies in the world. This infrastructure is built and managed not only according to security best practices and standards, but also with the unique needs of the cloud in mind. AWS uses redundant and layered controls, continuous validation and testing, and a substantial amount of automation to ensure that the underlying infrastructure is monitored and protected 24/7. As an AWS customer, we benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive customers.
Security through coding practices
We hire the best developers we can find. Since so many security exploits take advantage of coding errors, part of security is having well-tested, well-reviewed code. At Team Sports Admin, code changes are reviewed by teammates, run against an automated testing framework, and, in most cases, manually QA'd (quality assurance completed).
Data durability and recovery
We employ a multilayered backup strategy that is designed to be resilient to hardware failure, regional disasters, and malicious acts. Daily snapshots are available for use in recovery.
Physical security
All of your data is stored in AWS data centers, which use industry leading practices in physical security, redundancy, and availability. You can learn more about Amazon's data centers here.
Personnel security
Team Sports Admin is a small company, so thankfully we are able to really vet and hire people who care about its success. Our employee turnover is extremely low (especially for the tech industry). To protect company data, including customer data, all our employees sign a non-disclosure agreement when hired.
Security culture
Lastly, a word about the culture here in general. Most of us who work at Team Sports Admin are also users of its software. Our personal data is in the same database as yours, our customers. We run organizations through Team Sports Admin personally and we've registered our own children with organizations that use our software. We protect your data as if it’s our data, because it is our data.
MLB Advanced Media (MLBAM)
Team Sports Admin has been approved by MLBAM to take registrations on behalf of their major league brands. The process of getting approved is rigorous as their data security and requirements are some of the strictest around.
MLBAM is a limited partnership of the club owners of Major League Baseball (MLB) based in New York City and is the Internet and interactive branch of the league.
It operates the official website for the league and the 30 Major League Baseball club websites via MLB.com, which draws four million hits per day. MLB Advanced Media also owns and operates BaseballChannel.tv and MLB Radio.
MLBAM also runs and/or owns the official websites of Minor League Baseball, YES Network (the television broadcaster of the New York Yankees), and SportsNet New York (the television broadcaster of the New York Mets). It has also supplied the backend infrastructure for WWE Network, WatchESPN, ESPN3, HBO Now, and PGA Tour Live.
Questions
If you have any questions that weren't addressed on this page, please don't hesitate to ask by emailing us at security@teamsportsadmin.com.