PowerDMS has an organization-wide governance, risk, and compliance (GRC) program that identifies, assesses, mitigates, and monitors risks to our customers’ data and the infrastructure supporting our services. Here are some of our security mechanisms:
PowerDMS also maintains SOC 2, CJIS, and HIPAA compliance. Reports may be available upon request. Please see our SOC 2 Type 2 summary report for a full list of implemented and assessed security mechanisms.
The PowerDMS infrastructure is load balanced across three AWS GovCloud data centers, which are designed to anticipate and tolerate failure while maintaining service levels. In case of failure, automated processes move traffic away from the affected area. Core applications are deployed to an N+1 standard, so in the event of a data center failure, there is sufficient capacity to load-balance traffic to the remaining sites. In addition, PowerDMS includes a feature that lets your site administrators extract your data from the application directly.
Yes. We maintain data in geographically dispersed data centers with disaster-recovery systems in place. This guarantees both data integrity and data availability in the event of any data center-wide outage. Should such an event occur, we fail over to data recovery systems to minimize any interruption in service.
Yes. All of our customer data is encrypted in transit and at rest. We ensure a minimum of AES-256-bit encryption (FIPS 140-2 certified), and at no time is any customer data left in an unencrypted state, including data that has been backed up.
We deploy industry-leading technology including IDS, IPS, Log Monitoring, and WAF, and we partner with security experts to ensure the highest level of security. We also monitor and apply necessary patches and updates to ensure our environments are secure from any exploits or attacks, following a strict patch management life cycle, which includes assessment and testing prior to applying patches. In addition to monitoring, blocking, and patching, we perform regular third-party audits and tests of all layers of our application.
The security measures listed above are directed, managed, and monitored by a governance, risk, and compliance (GRC) committee that meets quarterly to discuss upcoming security projects, review security alerts and events, and drive risk mitigation. Members of the GRC committee include our CTO, Director of Software Engineering, IT Director, Legal Counsel, DevOps Lead, and Security Officer.
Yes. We have been assessed by a validated third party against the following standards:
The PowerDMS production network and system components are managed in AWS GovCloud data centers, designed to anticipate and tolerate failure while maintaining service levels. All customer data is fully encrypted in transit and at rest. Through third-party testing of AWS GovCloud data centers, we make sure they have appropriately implemented the measures needed to obtain security certifications that support controls around security, redundancy, and all critical support elements.