FAQ
PowerDMS has implemented an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customers' data and the infrastructure supporting our services. Security mechanisms include:
- Monthly network and system vulnerability scans and corresponding security patching program
- Biweekly dynamic and static code analysis scans
- Annual third party penetration tests
- At-rest and in-transit encryption
- Production code library file integrity monitoring
- Perimeter firewalls and intrusion detection systems
- Security logging implemented at every level of infrastructure
- Centralized logging and monitoring application that alerts employees when security events are detected
- Enforced two factor authentication process for any employee accessing production infrastructure
- Annual third party assessments including SOC 2 and HIPAA AT 101
Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.
Yes, PowerDMS has been assessed by a validated third party against the following:
- SOC 2 Type 2
- Health Insurance Portability and Accountability Act (HIPAA)
- Criminal Justice Information Services (CJIS) Security Policy
Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.
PowerDMS has taken steps necessary to protect criminal justice information (CJI) maintained by government and civilian agencies. Through data encryption (both in transit and at rest), internal background checks, and physical safeguards to protect data, our customers can be assured that PowerDMS meets nationally-recognized guidelines for the protection, transmission, storage, and generation of CJI.
Click here to view our third-party CJIS attestation letter.
Yes. PowerDMS supports single sign-on from any third-party identity provider that supports SAML or WS-Federation protocols (e.g. ADFS, Ping, Okta). Logins to PowerDMS over OAuth/OpenID Connect are not allowed at this time. Please contact us for additional information.
Click here for instructions on configuring Microsoft ADFS 2.0 for PowerDMS Federation
Click here for instructions on configuring SAML for PowerDMS
Yes. PowerDMS provides a tool, free of charge, to sync user and group information to PowerDMS.com – securely over SSL – on a one-time or scheduled basis. PowerDMS SYNC can import data from either .CSV files or via LDAP (with Active Directory, for example).
Click here for an introduction to PowerDMS SYNC
Production systems for PowerDMS are housed in Azure Government, AWS GovCloud SOC 2 assessed data centers, and NEOGOV’s Tier 4 Data Centers in El Segundo, CA. Data centers are monitored 24 hours a day by security personnel and include a full suite of physical and environmental controls.
We consistently improve accessibility on all our products and strive to adhere to WCAG AA and 508c compliance standards.