FAQ
PowerDMS has implemented an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customers’ data and the infrastructure supporting our services. Security mechanisms include:
- Monthly network and system vulnerability scans and corresponding security patching program
- Biweekly dynamic and static code analysis scans
- Annual third-party penetration tests
- At-rest and in-transit encryption
- Production code library file integrity monitoring
- Perimeter firewalls and intrusion detection systems
- Security logging implemented at every level of infrastructure
- Centralized logging and monitoring application that alerts employees when security events are detected
- Enforced two-factor authentication process for any employee accessing production infrastructure
- Annual third-party assessments including SOC 2 and HIPAA AT 101
Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.
Yes, PowerDMS has been assessed by a validated third party against the following:
- SOC 2 Type 2
- Health Insurance Portability and Accountability Act (HIPAA)
- Criminal Justice Information Services (CJIS) Security Policy
Please see our SOC 2 report for a full list of implemented and assessed security mechanisms.
PowerDMS has taken the steps necessary to protect criminal justice information (CJI) maintained by government and civilian agencies. Through data encryption (both in transit and at rest), internal background checks, and physical safeguards to protect data, our customers can be assured that PowerDMS meets nationally recognized guidelines for the protection, transmission, storage, and generation of CJI.
Yes. PowerDMS by NEOGOV supports Single Sign-On from third-party identity providers and protocols including SAML (Okta, AzureAD, PingFederate, Shibboleth and other SAML 2.0 compliant IdPs), ADFS via WS-Federation, and OAuth/OpenID Connect via AzureAD.
Click here for instructions on configuring Microsoft ADFS 2.0 for PowerDMS Federation
Click here for instructions on configuring SAML for PowerDMS
Yes. PowerDMS provides a tool, free of charge, to sync user and group information to PowerDMS.com – securely over SSL – on a one-time or scheduled basis. PowerDMS SYNC can import data from either .CSV files or via LDAP (with Active Directory, for example).
Click here for an introduction to PowerDMS SYNC
Production systems for PowerDMS are housed in AWS GovCloud SOC 2 assessed data centers, and NEOGOV’s Tier 4 Data Centers in El Segundo, CA. Data centers are monitored 24 hours a day by security personnel and include a full suite of physical and environmental controls.
We consistently improve accessibility on all our products and strive to adhere to WCAG AA and 508c compliance standards.