ASP Technology & Security Overview




J. J. Keller & Associates Company Profile

Year Founded: 1953
Corporate Location: Neenah, Wisconsin, USA
Number of Employees: Over 1200
Type of Business: Safety, Regulatory & Information Publications, Products & Services
Products: Regulatory Guides, Compliance Manuals, Log Books, Training Handbooks, Newsletters, Video-based Training Kits, Forms & Supplies, Software, Custom Products & Programs
Services: Online Services, On-Site Consulting, Seminars & Workshops, Outsourcing Services
Number of Customers: 200,000+ companies in a wide range of industries, including transportation, industrial/manufacturing, environmental, distribution, chemical manufacturing, construction, food safety, mining and more.
ASP Applications: J. J. Keller's Encompass, Driver Management Online, Vehicle Management Online, Log Checker Online, Fuel Tax Master Online, and Maintenance Manager Online

ASP History

The feasibility and justification for J. J. Keller's ASP applications were developed in late 1999 and early 2000. There are now over 450,000 drivers and vehicles being managed with our online services.

The design of our ASP takes into account several fundamental benefits to our clients. Aside from the regulatory and compliance functionality that J. J. Keller is known for, the ASP model allows companies to manage and monitor the compliance activities of multiple locations across North America. Corporate, regional, and division-level management have access to compliance information and practices for the locations they are responsible for. Managers can implement standardized regulatory, compliance, and hiring processes throughout an organization, limiting exposures related to fines and mismanagement. Small to medium-sized companies have access to the same tools that were previously available only to larger carriers, giving them an affordable competitive advantage, as they pay based on the number of records stored in the system.

Companies that do not have regulatory expertise on site now have a tool to help them stay in compliance, while overall compliance is managed centrally. All companies can drastically improve their recruiting process and reduce the need for labor-intensive, paper-based workflow. The benefits of ASP go on and on.

Last revised January 2011

ASP Technology Overview

J. J. Keller's ASP applications were designed and developed using the Rational Unified Process (RUP). This methodology was chosen to ensure that a project of this scope and magnitude could be delivered in a high-quality, cost-effective manner. Using the RUP methodology and tool set, J. J. Keller ASP has been developed with an emphasis on time-to-market and Quality Assurance.

Our ASP applications were developed primarily using Microsoft tools. The underlying application framework, or building blocks of the system, were developed using the Microsoft .NET Framework. Specific tools include:

Programming Language: C#
Presentation Tier Technology: ASP.NET
Database Access Technology: ADO.NET
Reporting Engine: Crystal Reports.NET
Web Server: Internet Information Server (IIS) 6.0/7.0
Quality Assurance Technology: IBM Rational Test Suite/Microsoft Visual Studio Team System

Because it was developed on the .NET Framework, our ASP is an open, flexible, state-of-the-art system that can be enhanced and maintained in a highly efficient manner.

System/Operating Requirements

Connection speed: 56K minimum; high speed (T1) recommended
Screen Resolution: 800x600 minimum; 1024x768 recommended (can fit more information on the screen); High Color (16-bit)
Browser: Microsoft Internet Explorer v6.0 or higher (ASP applications are optimized for IE); Mozilla Firefox v3.0 or higher
Report Viewer: Adobe Acrobat Reader v6.0 or higher
Platform Requirements: Windows XP or higher; 100 MB of free hard drive space

ASP Security Overview

Encryption Summary

We use the same industry-standard Secure Sockets Layer (SSL) protocol that leading e-commerce and financial service providers use to encrypt information sent across the Internet. This encryption ensures the privacy of your data as it flows between your Web browser and our ASP applications.

Application Security Summary

Our ASP provides password-level security for all users. Users have access only to the tools and data permitted by their authorized security settings. J. J. Keller ASP requires a two-way match of a random and unique string of 72 characters each time the system is asked to retrieve information. We also use 128-bit encryption during transfer of any data.

Physical Security Summary

The application and equipment used to host our ASP are located at a physically secured facility specializing in the hosting of Internet applications. The facility is completely free of glass and any unsecured entry points. Biometric hand-scanning technology, access key cards, and combinations secure the physical location.

General Security

J. J. Keller will periodically audit our ASP application infrastructure to ensure compliance with the ASP Policy and these Standards. Full security reviews by outside security experts have been conducted. J. J. Keller maintains an architecture document that includes a full network diagram of the ASP Application Environment, illustrating the relationship between the Environment and any other relevant networks, with a full data flowchart that details where customer data resides, the applications that manipulate it, and the security thereof. This document remains confidential and will be made available only on written customer request and demonstrated need. J. J. Keller will immediately disable all or part of the functionality of the application should a security issue be identified. Affected customers will be notified as soon as possible should this occur.

Physical Security Specifics

Application hosting by a 3rd-party Hosting Provider is the most secure way for an ASP to protect a customer's data. Hosting Providers offer physical security such as restricted building access and locked cages, as well as general application uptime services and redundancy that help ensure maximum availability. Availability services include guaranteed Internet bandwidth connections, backup generators, and fire suppression systems. The equipment and application hosting for our ASP are located at CDW (formerly Berbee Information Networks), a physically secured facility in Madison, Wisconsin, specializing in the hosting of Internet applications. Biometric technology, access key cards, and combinations secure the physical location. Further information on CDW can be found at www.cdw.com. The CDW facilities are state-of-the-art, with multiple independent geographic connections to the most reputable Internet access providers to help maintain and balance Internet traffic, a fully redundant OC-12 SONET ring, multiple Uninterruptible Power Supplies (UPSs), and backup systems. J. J. Keller shall have final say as to who is authorized to enter any secured physical environment. J. J. Keller will disclose, upon request, who amongst their personnel and CDW's personnel will have access to the environment hosting the application. J. J. Keller ASP applications incorporate redundant network connections and a backup diesel generator that permits the system's continuous operation even in cases of prolonged electric power outages.

Network Security Specifics

The network hosting the application is air-gapped from any other network or client CDW may have. This means J. J. Keller's application environment utilizes separate hosts and separate infrastructure.

J. J. Keller ASP utilizes logical separation to ensure customer data is not compromised. While the data of multiple customers is shared on common physical hardware, the data is separated logically within shared physical servers, and application code handles the client data isolation. This method is fairly common practice in the ASP industry and ensures that all customers are utilizing the latest enhancements within the system and that the data stores are fully redundant.

All visible query string parameters are based on 72-character strings that are scientifically proven as random and unique. Our ASP requires a two-way match of relevant data in order to retrieve information. J. J. Keller ASP utilizes GUIDs, or Globally Unique Identifiers, which randomly create identifications based on a 128-bit number for customer data and their employee data. The idea of a GUID is that no two machines can ever generate the same GUID value twice, and unique numbers are created on independent machines.

J. J. Keller ASP safeguards customer data and transactions while they are in transit. The system employs 128-bit RSA Secure Sockets Layer (SSL) data encryption. Such 128-bit encryption has never been broken, and would require a trillion years to crack using current and foreseeable technology, according to RSA Laboratories. Our ASP's SSL-based network security is supplemented by a VeriSign Server ID, also known as a digital certificate. The certificate verifies that all data claimed to have originated from a customer or partner web site has, in fact, originated from that site, and that it has not been tampered with along the way. Based on 128-bit encryption, a VeriSign digital certificate is the industry standard and can be neither forged nor decoded with current and foreseeable technology.
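The logical-separation and "two-way match" design described under Network Security Specifics can be made concrete with a small model. The following is an added example, not J. J. Keller's code: a store shared by all customers in which a record is addressed by the pair (customer GUID, record GUID), so a record id on its own retrieves nothing. Two assumptions are made that the page does not state: the 72-character query value is modelled as two hyphenated GUIDs concatenated (36 + 36 characters), and the lookup is additionally bound to the customer of the authenticated session, which is the check a reviewer would want to see alongside the unguessable ids.

```python
# Added example (not J. J. Keller's code): tenant-scoped record lookup keyed by
# two random GUIDs, modelling the "two-way match" described above.
# Assumptions (not stated on the page): the 72-character query value is two
# hyphenated GUIDs concatenated (36 + 36), and the record is additionally
# bound to the customer of the authenticated session.
import uuid
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class DriverRecord:
    customer_id: uuid.UUID   # tenant that owns the record
    record_id: uuid.UUID     # random per-record identifier
    driver_name: str


class SharedRecordStore:
    """One physical store shared by all customers; isolation is enforced by
    the composite lookup key, never by the record id alone."""

    def __init__(self) -> None:
        self._rows: Dict[Tuple[uuid.UUID, uuid.UUID], DriverRecord] = {}

    def add(self, customer_id: uuid.UUID, driver_name: str) -> DriverRecord:
        # uuid4() draws 122 random bits, so ids are neither sequential nor guessable.
        rec = DriverRecord(customer_id, uuid.uuid4(), driver_name)
        self._rows[(rec.customer_id, rec.record_id)] = rec
        return rec

    def fetch(self, customer_id: uuid.UUID, record_id: uuid.UUID) -> Optional[DriverRecord]:
        # Two-way match: both halves must agree, or nothing is returned.
        return self._rows.get((customer_id, record_id))


def build_query_token(customer_id: uuid.UUID, record_id: uuid.UUID) -> str:
    """The visible query-string value: 36 + 36 = 72 characters (assumption)."""
    return f"{customer_id}{record_id}"


def parse_query_token(token: str) -> Optional[Tuple[uuid.UUID, uuid.UUID]]:
    """Reject anything that is not exactly two well-formed GUIDs."""
    if len(token) != 72:
        return None
    try:
        return uuid.UUID(token[:36]), uuid.UUID(token[36:])
    except ValueError:
        return None


def resolve(store: SharedRecordStore, token: str,
            session_customer_id: uuid.UUID) -> Optional[DriverRecord]:
    """Server-side handler: parse the token, bind it to the logged-in tenant,
    then perform the two-way match against the shared store."""
    parsed = parse_query_token(token)
    if parsed is None:
        return None
    customer_id, record_id = parsed
    if customer_id != session_customer_id:   # token names another tenant
        return None
    return store.fetch(customer_id, record_id)


def demo() -> Dict[str, bool]:
    """Constructed scenario: two tenants, one driver record each."""
    store = SharedRecordStore()
    acme, globex = uuid.uuid4(), uuid.uuid4()
    acme_rec = store.add(acme, "A. Driver")
    store.add(globex, "G. Driver")

    own_token = build_query_token(acme, acme_rec.record_id)
    # A Globex session presenting Acme's record id: the pair does not exist.
    cross_token = build_query_token(globex, acme_rec.record_id)
    # A token whose last character was altered in transit.
    altered = own_token[:-1] + ("0" if own_token[-1] != "0" else "1")

    return {
        "own_record_found": resolve(store, own_token, acme) is acme_rec,
        "cross_tenant_denied": resolve(store, cross_token, globex) is None,
        "altered_token_denied": resolve(store, altered, acme) is None,
        "token_is_72_chars": len(own_token) == 72,
        "leaked_token_other_session_denied": resolve(store, own_token, globex) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

The session binding in `resolve` is the part worth noting: random ids make records hard to enumerate, but only the comparison against the authenticated customer turns that into an authorization decision, so a token copied from one customer's session is useless in another's.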

Engineered to deliver maximum feasible availability to its customers, the ASP system maintains replicated versions of its application and data on multiple servers in order to protect against unscheduled server interruptions. Our ASP's automatic failover capability further ensures the seamless transfer of operations to backup servers in the unlikely event of a main server failure.

Host Security

Patches are applied to hosts, web servers, and databases as often as they become available, based on the severity and applicability of the patch. In addition, standard operating procedures exist for the application of OS patches.

A combination of protocols exists to monitor web site availability and system hardware performance. The combination includes activities on the part of CDW and J. J. Keller, as well as a 3rd-party service. The Network Operations Center at CDW is staffed 24 hours a day, 7 days a week with experienced and qualified Network Administrators. The system at CDW also monitors internal and customer systems, not only for failures, but also for exceeded thresholds in CPU, bandwidth, memory or hard disk utilization. Network Administrators perform trace route functions that are designed to identify response time delays with their Internet connections. Should one connection fail or experience unacceptable response time delay, the other connections have enough capacity to handle the full workload.

Web Security

The ASP applications use JavaScript and Microsoft ASPX technology. The application back ends are written in C#, an object-oriented programming language with XML-based Web services on the .NET platform. C# is designed to improve productivity in the development of Web applications and boasts type safety, garbage collection, simplified type declarations, versioning and scalability support, and other features that make developing solutions faster and easier.

J. J. Keller ASP has an active, dedicated, and ongoing Quality Assurance process. Validation of system functionality, compliance, authentication, authorization, and accounting functions are all part of the Quality Assurance process.

J. J. Keller ASP uses Trend Micro anti-virus software, and the network system administrators monitor the Trend Micro web site daily for virus definitions and virus protection. A full virus scan is also completed weekly on all files.

Data Security

J. J. Keller ASP is built using Microsoft's .NET Framework. Microsoft brought in independent security experts, Foundstone, Inc. and CORE Security Technologies, to analyze and remark on .NET. Foundstone, Inc. and CORE Security Technologies have many years of experience assessing and securing complex software applications of organizations ranging from members of the Fortune 500 to startups. Their analysis stated: "In fact, used appropriately, we believe that it is one of the best platforms for developing enterprise and Web Applications with strict security requirements" (Foundstone, 2003). "ASP.NET includes well-integrated support for signing and encrypting cookie content, addressing longstanding sensitive issues on Web Application security" (Foundstone, 2003).

The ASP system automatically backs up all customer data every night, with backups stored on non-degradable media in a fireproof, offsite location. This makes quick restoration of service possible should online data ever become damaged in a natural disaster or similarly unlikely occurrence.

Cryptography

Connections to the ASP utilize the SSL (Secure Sockets Layer) protocol for transmitting private, confidential documents via the Internet. All modern browsers currently support SSL. All cookies are hashed using SHA1 and protected through the continued use of 128-bit TripleDES encryption.

Role-Based Security

Standard user roles are defined based on our knowledge of the transportation industry and best industry practices. While we have attempted to identify a set of standard user roles, we appreciate the uniqueness of the processes in place at each of our customers' locations. For this reason, we have adopted role-based security. Role-based security assigns appropriate user access based on those users' job responsibilities and the regulatory compliance affected. This feature can be customized by the customer's system administrator to meet their company's unique needs. Standard user roles may include: Driver Qualification, Driver Recruiting, Alcohol & Drug Compliance Management, Safety Manager, Regional Safety Manager, and Corporate Management.

The customer's system administrator maintains user roles outside of those identified as standard user roles. The customer's system administrator manages additional roles, access, and assignment of these roles to users. J. J. Keller offers initial consultation on this process, with additional services as defined in the service agreement. Management of user roles can take effect just in time, as managed by the customer's system administrator.

Access to the ASP system is restricted to authorized users only. The password policy for ASP applications is designed to address the individual needs of our customers. J. J. Keller will manage the initial account generation and user and password setup under the service agreement. The customer's system administrator manages further security relating to user identification and passwords. This includes the maintenance or subsequent termination of a user's account.
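The Cryptography and Role-Based Security sections above describe two pieces that work together: an integrity-protected cookie and a role that decides which tools a user may open. The following is an added example, not J. J. Keller's or ASP.NET's code, written in Python for illustration. It implements the SHA1 integrity part as an HMAC-SHA1 over the cookie payload and a per-customer role check; the 128-bit TripleDES confidentiality layer the page mentions is not implemented here (the standard library has no 3DES), so this cookie is tamper-evident but not encrypted. The role names are the standard roles listed on the page; the set of tools each role may open, the claim names, and the demo key are assumptions.

```python
# Added example (not J. J. Keller's code): an HMAC-SHA1-signed session cookie
# carrying a role claim, checked against a role-to-tool permission table.
# The page's TripleDES encryption layer is omitted; only integrity is shown.
# Role names come from the page; the tools per role are an assumption.
import base64
import hashlib
import hmac
import json
from typing import Dict, FrozenSet, Optional

# Assumed permission table: role -> tools that role may open.
ROLE_TOOLS: Dict[str, FrozenSet[str]] = {
    "Driver Qualification": frozenset({"driver_files"}),
    "Driver Recruiting": frozenset({"applications"}),
    "Alcohol & Drug Compliance Management": frozenset({"testing_records"}),
    "Safety Manager": frozenset({"driver_files", "applications", "testing_records"}),
    "Regional Safety Manager": frozenset(
        {"driver_files", "applications", "testing_records", "region_reports"}),
    "Corporate Management": frozenset(
        {"driver_files", "applications", "testing_records", "region_reports", "corporate_reports"}),
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(key: bytes, user: str, customer_id: str, role: str) -> str:
    """Cookie value is payload.signature with signature = HMAC-SHA1(key, payload)."""
    claims = {"user": user, "customer": customer_id, "role": role}
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha1).hexdigest()
    return f"{payload}.{sig}"


def verify_cookie(key: bytes, cookie: str) -> Optional[dict]:
    """Return the claims only if the signature matches; otherwise None."""
    try:
        payload, sig = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, sig):   # constant-time comparison
        return None
    try:
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeDecodeError):
        return None


def is_permitted(key: bytes, cookie: str, customer_id: str, tool: str) -> bool:
    """Allow only if the cookie verifies, belongs to the customer whose data is
    being opened, and the role's tool set includes the requested tool."""
    claims = verify_cookie(key, cookie)
    if claims is None or claims.get("customer") != customer_id:
        return False
    return tool in ROLE_TOOLS.get(claims.get("role", ""), frozenset())


def demo() -> Dict[str, bool]:
    """Constructed scenario: one recruiter cookie and a tampered copy of it."""
    key = b"constructed-demo-key-not-for-production"
    good = issue_cookie(key, "jsmith", "cust-1", "Driver Recruiting")
    # Tampered copy: the role claim is rewritten but the old signature is kept.
    payload, sig = good.rsplit(".", 1)
    claims = json.loads(_unb64(payload))
    claims["role"] = "Corporate Management"
    tampered = _b64(json.dumps(claims, sort_keys=True).encode()) + "." + sig
    return {
        "recruiter_opens_applications": is_permitted(key, good, "cust-1", "applications"),
        "recruiter_blocked_from_corporate_reports":
            not is_permitted(key, good, "cust-1", "corporate_reports"),
        "other_customer_blocked": not is_permitted(key, good, "cust-2", "applications"),
        "tampered_role_rejected": verify_cookie(key, tampered) is None,
        "wrong_key_rejected": verify_cookie(b"other-key", good) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")
```

Two design points: the signature is compared with `hmac.compare_digest` rather than `==` so verification time does not depend on how many leading bytes match, and the customer id travels inside the signed payload, so a valid cookie for one customer cannot be replayed against another customer's records even when the role would otherwise permit the tool.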