FAQ


PowerDMS production network and system components are managed in data centers designed to anticipate and tolerate failure while maintaining service levels, including AWS GovCloud, Azure Government, and NEOGOV’s Tier 4 Data Center in El Segundo, CA.

PowerDMS has implemented an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customers' data and the infrastructure supporting our services. Security mechanisms include:

  • Monthly network and system vulnerability scans and corresponding security patching program
  • Biweekly dynamic and static code analysis scans
  • Annual third-party penetration tests
  • At-rest and in-transit encryption
  • Production code library file integrity monitoring
  • Perimeter firewalls and intrusion detection systems
  • Security logging implemented at every level of infrastructure
  • Centralized logging and monitoring application that alerts employees when security events are detected
  • Enforced two-factor authentication process for any employee accessing production infrastructure
  • Annual third-party assessments including SOC 2 and HIPAA AT 101

Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.

Yes, PowerDMS has been assessed by a validated third party against the following:

  • SOC 2 Type 2
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Criminal Justice Information Services (CJIS) Security Policy

Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.

In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites. In addition, PowerDMS.com includes a feature that allows your site administrators to extract your data directly from within the application.

Yes. PowerDMS maintains its data in geographically dispersed data centers with disaster-recovery systems in place. This guarantees both data integrity and data availability in the event of any data center-wide outage. Should such an event occur, failover to data recovery systems will happen to minimize any interruption in service.

PowerDMS has taken the steps necessary to protect criminal justice information (CJI) maintained by government and civilian agencies. Through data encryption (both in transit and at rest), internal background checks, and physical safeguards to protect data, our customers can be assured that PowerDMS meets nationally recognized guidelines for the protection, transmission, storage, and generation of CJI.

Yes. All PowerDMS customer data is encrypted in transit and at rest. We ensure a minimum of AES 256-bit encryption (FIPS 140-2 certified), and at no time is any customer data left in an unencrypted state, including data that has been backed up.

Yes. PowerDMS by NEOGOV supports Single Sign-On from third-party identity providers and protocols including SAML (Okta, Azure AD, PingFederate, Shibboleth and other SAML 2.0 compliant IdPs), ADFS via WS-Federation, and OAuth/OpenID Connect via Azure AD.

Click here for instructions on configuring Microsoft ADFS 2.0 for PowerDMS Federation

Click here for instructions on configuring SAML for PowerDMS

Yes. PowerDMS provides a tool, free of charge, to sync user and group information to PowerDMS.com – securely over SSL – on a one-time or scheduled basis. PowerDMS SYNC can import data either from .CSV files or via LDAP (with Active Directory, for example).

Click here for an introduction to PowerDMS SYNC

Not at this time; however, a static API is currently in beta.

Only a modern web browser (e.g. Microsoft Edge, Chrome, or Firefox) is required to use the core functionality of the platform. However, PowerPolicy does include two advanced features which require additional software in order to be utilized. The first feature is for IT administrators who wish to synchronize user and group information to PowerPolicy. This requires a tool – provided by PowerDMS by NEOGOV – which can be installed and run on a single server within your network. This does not affect end user environments. The second feature allows end-users to edit documents stored in PowerPolicy locally on their computer with all changes saved back to Policy seamlessly. Each end user who wishes to utilize this feature must install a software plugin on their local computer that can be downloaded directly from PowerPolicy. Installing this plugin requires administrative privileges. A document editor, such as Microsoft Word, is also required to use this feature and is not provided by PowerDMS by NEOGOV. Both the IT tool and end-user plugin are provided by PowerDMS by NEOGOV free of charge and are supported for Microsoft Windows only with an additional dependency on the Microsoft .NET Framework.

PowerDMS by NEOGOV deploys industry-leading technology, including IDS, IPS, log monitoring, and WAF, and partners with security experts to ensure the highest level of security. We also monitor and apply necessary patches and updates to ensure our environments are secure from any exploits or attacks, following a strict patch management life cycle that includes assessment and testing prior to applying patches. In addition to monitoring, blocking, and patching, we also perform regular third-party audits and tests of all layers of our application.

The security measures listed above are directed, managed, and monitored by a governance, risk, and compliance (GRC) committee that meets quarterly to discuss upcoming security projects, review security alerts and events, and drive risk mitigation.

Production systems for PowerDMS are housed in AWS GovCloud SOC 2 assessed data centers, and NEOGOV’s Tier 4 Data Centers in El Segundo, CA. Data centers are monitored 24 hours a day by security personnel and include a full suite of physical and environmental controls.

We consistently improve accessibility on all our products and strive to adhere to WCAG AA and 508c compliance standards.
