
Security and Compliance

Published On February 14, 2023     |     5 Min Read

DreamzCMMS Data Security & Compliance overview

With DreamzCMMS you can focus on maintenance and worry less about infrastructure, scaling, security, and ops. This document describes DreamzCMMS security and compliance so you know just how safe it is. The system is compliant with ISO 27001 and PCI Level 1, and provides HTTPS encryption, DDoS mitigation, authentication, application data snapshots, and more.

Where is my data and is it secure?

DreamzCMMS is deployed on Amazon Web Services, hosted in Amazon’s secure data centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)
  • PCI

      Security, Identity, And Compliance On AWS

      Amazon has many years of experience in designing, constructing, and operating large-scale data centers. The data centers are managed by Amazon and are ISO 27001 and FISMA certified. AWS data centers are state of the art, utilizing innovative architectural and engineering approaches.

      • AWS data centers are housed in nondescript facilities
      • Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff using video surveillance, intrusion detection systems, and other electronic means
      • Authorized staff must pass two-factor authentication a minimum of two times to access data center floors
      • All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff

      AWS Environmental Safeguards

      FIRE DETECTION AND SUPPRESSION
      Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces.


      POWER
      The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24x7.

      CLIMATE AND TEMPERATURE CONTROL
      Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels.

      AWS data center staff monitor electrical, mechanical, and life support systems and equipment so that issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

      Network Security

      FIREWALLS

      Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default all access is denied, and only explicitly permitted ports and protocols are allowed, based on business need.

      Security groups restrict access to only the ports and protocols required for a system’s specific function to mitigate risk.

      DDOS MITIGATION

      We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.

      Our infrastructure provides DDoS mitigation techniques including TCP SYN cookies and connection rate limiting, in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth.

      SPOOFING AND SNIFFING PROTECTIONS

      Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts. Packet sniffing is prevented by the infrastructure, including the hypervisor, which will not deliver traffic to an interface that it is not addressed to.

      PORT SCANNING

      Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked.

      DATA SECURITY

      Customer data is stored in separate access-controlled databases per application. Customers with multiple applications are assigned separate databases per application to mitigate the risk of unauthorized access between applications.

      System Security

      SYSTEM CONFIGURATION

      System configuration and consistency are maintained through standard, up-to-date images, configuration management software, and by replacing systems with updated deployments.

      SYSTEM AUTHENTICATION

      Operating system access is limited to the DreamzCMMS Technical Administrator and requires username and key authentication. Operating systems do not allow password authentication, which prevents password brute force attacks, theft, and sharing.

      VULNERABILITY MANAGEMENT

      Our vulnerability management process is designed to remediate risks without customer interaction or impact. 

      Our Risk Management Team is notified of vulnerabilities through internal and external assessments, system patch monitoring, and third-party mailing lists and services. Each vulnerability is reviewed to determine if it is applicable to the environment, ranked based on risk, and assigned to the appropriate team for resolution.

      Backups & Disaster Recovery

      BACKUP OF APPLICATION DATABASES AND CONFIGURATIONS

      All application data is scheduled to be backed up at regular intervals. When required, data can be restored from the last snapshot if data loss occurs.

      All application configuration is scheduled to be backed up at regular intervals. When required, data can be restored from the last snapshot if data loss occurs.

      DATA RECOVERY

      Restoration configurations automatically restore customer applications and databases in the case of an outage.

      Encryption

      ENCRYPTION IN TRANSIT

      All communications between clients and servers over public networks are encrypted via industry best-practice HTTPS and Transport Layer Security (TLS). TLS is also supported for encryption of emails.

      Emails are sent through Amazon SES as the service provider, which is HIPAA-eligible and FedRAMP-, GDPR-, and ISO-certified.

      ENCRYPTION AT REST

      All customers benefit from the protections of encryption at rest for offsite storage of attachments and full daily backups. 

      Availability & Continuity

      Uptime

      Availability is guaranteed with 99.5% uptime by AWS.

      Redundancy

      DreamzCMMS employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime ensures Service Data is actively replicated across primary facilities. Most data centers are chosen for low latency.

      Disaster Recovery

      The Disaster Recovery (DR) program ensures that services remain available or are easily recoverable in the case of a disaster.

      Enhanced Disaster Recovery

      With Enhanced Disaster Recovery, the entire operating environment, including Service Data, is replicated in a secondary site to support service resumption should the primary site become fully unavailable.
