Security Overview


Application Security

  • Access to sensitive areas requires user authentication and authorization.
  • Granular, server-side authorization applied at the user interface and the back-end.
  • All user interaction is logged.
  • All access-related security exceptions are logged and reviewed.

 

Data Encryption

  • Government-grade, AES 256-bit key strength cryptographic algorithms.
  • Application layer encryption of all PII (personally identifiable information) stored in client databases.
  • Encryption of all client files/documents.

 

Infrastructure Security

  • All communication encrypted using HTTPS, TCP over TLS.
  • Hosted by Microsoft Windows Azure. Security certification/compliance:
    • PCI DSS
    • SOC 1, SOC 2 SSAE 16/ISAE 3402
    • FedRAMP
    • FIPS 140-2
    • ISO 27001
  • Client-specific file storage containers.
  • Client-specific database option available.