Bonterra takes all necessary precautions to ensure that data is kept safe, confidential and recoverable in the case of a disaster. Our Efforts to Outcomes (ETO™) software meets current HUD Domestic Violence, HMIS, Social Security Administration (SSA), and HIPAA data management and security protocols.
Table of Contents
How are user accounts managed?
What guidelines control ETO's password functionality?
How does program security affect users and their access to data?
Is ETO software encrypted?
How are Encrypted Data Discs secured?
How do I know that it's safe for Social Solutions employees to access our data?
Where is data stored? What security elements are present at the storage facility?
How are servers secured?
What about visitor access?
Do the servers have anti-virus protection?
What is the plan if there is a disaster of some sort?
Best Practices/Certification
Redundant Infrastructure
Backups
Schedule
Retention Policy
Disaster Recovery Testing
Scope of the Policy
Services included in maintenance
Services outside the scope of maintenance
Data Security
How are user accounts managed?
The ETO web application uses username and password functionality to prevent unauthorized application access, and roles to restrict user access to components within the application. Each unique login is assigned one of nine customizable levels of access, and these levels can be customized to allow certain users access to programs and features that other users should not necessarily have access to. Role levels typically range from Administrators, who manage all the structural elements of the data (often as many as 100 features), to Program Managers, who have access to individual and aggregate staff and client information (typically 20-30 features), to end-users, who have the narrowest needs (typically 10-15 features).
Enterprise Manager - Manages sites across the web address/URL.
Site Manager - Can make changes to the site with wizards and management features.
Department Head - Can run queries on site-wide data.
Program Manager - Can supervise staff work through ETO using the multiple management features below Administration on the Navigation Bar.
Staff - Enter data on demographics, attributes, processes, assessments, Point of Service elements, etc.
Funder/Reports Only - Can run reports only, no data entry.
Intake - View demographics and enter reliable contacts only.
Survey Taker - Take a survey and/or self-assessment.
Entity Self Service - Entity self-assessment and update own attributes.
Requests for changes to access levels and password resets are funneled back to the client’s internal Site Administrator. ETO Support will provide support to the local administrator as needed to understand the implications of these changes.
What guidelines control ETO's password functionality?
Bonterra recognizes the importance of maintaining secure and confidential access to client data. To that end, ETO software offers a password protection and management tool.
All users must have a unique identifier (i.e., username)
Passwords can be set to have a minimum length and contain a minimum number of numeric and non-alphanumeric elements
Passwords can be reset (this is manageable at the site or system level)
Access to password files is restricted
Passwords are not displayed upon entry
How does program security affect users and their access to data?
Data housed in ETO is stored and processed separately according to programs. For example, users who are working on the ABC project access and process ETO data separately from users working on the XYZ project. Users assigned to the ABC program or the XYZ program can only see data for the participants, services, or outcomes associated with that program. More specifically, ETO users on the ABC program cannot access or view data belonging to an ETO user for the XYZ program. Users without access to any program cannot see any data. This protection extends down to the program level. One user in one program cannot see data in any other program from within that program. Confidential data stored in ETO is protected by file or volume encryption.
Is ETO software encrypted?
The application is accessed by users via a secure HTTPS connection to the ETO software web application server. The HTTPS protocol, which is designed to prevent eavesdropping and tampering, provides a secure communication channel to the ETO application.
How are Encrypted Data Discs secured?
Data files stored on Elastic Compute Cloud (EC2) instances reside on a Microsoft New Technology File System (NTFS) volume, which uses Microsoft’s Elastic File System (EFS) encryption. EFS uses a FIPS-validated 256-bit AES encryption method on all the databases on the volume as it is stored. The encryption persists for the life of the volume. EFS makes the data accessible only to users with authorized access, and makes it inaccessible to software that circumvents normal access control, such as if the media were stolen. All these uses of encryption employ government-approved algorithms and implementations that are FIPS 140-2 compliant.
How do I know that it's safe for Bonterra employees to access our data?
All prospective employees of Bonterra undergo a basic background check prior to their hiring. This screening process includes fingerprinting, confirmation of prior employment, and address checks. Each employee signs confidentiality/non-disclosure agreements as a condition of their hire.
Physical Security
Where is data stored? What security elements are present at the storage facility?
All ETO data entered or modified by ETO users is stored on dedicated servers, isolated via a Virtual Private Cloud (VPC), in a MySQL database located within Amazon Web Services (AWS). ETO is accessed by users via a secure HTTPS connection to the ETO web application servers.
How are servers secured?
Bonterra uses a third-party 24/7 security service company that monitors Bonterra's infrastructure for any anomaly in our network, including intrusion detection and prevention. ETO goes through regularly scheduled, once-a-quarter penetration testing and weekly vulnerability testing.
What about visitor access?
AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
AWS only provides data center access and information to employees and contractors who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical access to data centers by AWS employees is logged and audited routinely.
Do the servers have anti-virus protection?
All of our servers have Microsoft's Forefront Anti-Virus software installed with the following features:
Anti-virus: inbound/outbound network monitoring against known virus and worm signatures, as well as deletion of detected and/or blocked viruses and worms.
Network monitoring of HTTP, HTTPS, SMTP, and FTP traffic for known signatures corresponding to abnormal behavior and attacks against end users.
Spam filtering: inbound/outbound network monitoring and detection of unsolicited or spoofed SMTP and POP mail.
Disaster & Data Recovery
What is the plan if there is a disaster of some sort?
Bonterra uses Amazon Web Services (AWS) hosting facilities for data protection, disaster recovery, and backup strategy. As part of this partnership, Bonterra’s clients receive the benefit of a world-class managed and fully redundant data center infrastructure.
Best Practices/Certification
AWS security certifications such as SOC1 allow us to remain compliant with your data. Standards such as AES 256, which enables encryption of data at rest, ensure no one can view your data. Amazon Virtual Private Cloud allows us to create a private-facing subnet for databases and application servers, in order to have more security control around your mission-critical workloads.
Redundant Infrastructure
24/7/365 monitoring of up-time across the infrastructure.
Fully redundant internet connections.
Redundant Utility Feeds and power backed up by multiple UPS and power generators.
Objects are redundantly stored on multiple devices across multiple facilities within a region.
Backups
All ETO software servers are backed up nightly using Quest/Dell NetVault Backup software. For added security, the backup data is encrypted using the AES-256 algorithm.
Schedule
Nightly full backup of all ETO Data using the AES-256 encryption algorithm.
Retention Policy
Disaster Recovery Testing
The disaster recovery process is tested annually.
Maintenance Policy
Scope of the Policy
The following services are provided exclusively to customers who have executed an ETO™ Solution Order Form (“Order Form”) subject to a Master Services Agreement and are current in their payment for the ordered Services. Capitalized terms used but not otherwise defined in this Policy shall have the meanings given to them in the Master Services Agreement. Bonterra reserves the right to modify the technologies in this Policy provided they provide equal to or better protection of Bonterra’s servers or the Content.
Services included in maintenance
Security: Bonterra will maintain standard 128-bit Secure Sockets Layer (SSL) encryption. Bonterra’s servers will be protected by regular system-wide and Customer-specific security audits. Operating system security releases are promptly installed and updated.
Data Backup: All servers are backed up daily to tape drive; Bonterra preserves the end of week tape which is securely stored off site. After 6 weeks, Bonterra preserves the end of month tape for historical purposes. If Customer’s data is lost as a result of the failure of hardware, Service or networks not directly controlled by Bonterra, Bonterra shall commence restoration within five (5) hours of notification from Customer and will use commercially reasonable efforts to restore Customer’s data as of the last archive.
Maintenance: Bonterra will use all commercially reasonable efforts to provide such error-correction services as may be required to ensure that Bonterra’s applications remain in substantial conformance with current functionality.
User-Support: Bonterra will provide such user support as may be required to promote the reasonable understanding and consistent use of the Service as currently configured. Standard user support is available via phone and email between the hours of 8:00 am and 8:00 pm, Eastern Standard Time, Monday through Thursday and Friday, 8:00 am to 6:00 pm Eastern Standard Time exclusive of holidays as may be established and amended by Bonterra from time to time. Bonterra shall provide user support in accordance with Appendix A to this Policy.
Upgrades: Bonterra reserves the right to make such upgrades to the Service as may be necessary from time to time. Where applicable, Bonterra shall use commercially reasonable efforts to notify Customer and its Authorized End-Users of such upgrades within ten (10) business days of release and cause minimal user-level interruption. Where applicable, SQL Server and Microsoft Windows upgrades will be kept current with Microsoft-specified standards. Once deployed, these upgrades become functional components of the Service.
Case Management Process: Bonterra's problem-ticket system will be used by all support team levels to record and track all problem reports, inquiries, or other types of calls received by level 1 Support.
Dependence on other Entities: Bonterra may be dependent on other entities to provide Customer with the services (e.g., help desk, database services, etc.), and external suppliers (e.g., Microsoft, System Source, etc.) in providing support services to Customer. Bonterra will manage the interface into those suppliers as it relates to the provision of services under this SLA. The list of organizations and vendors that Bonterra may be dependent on may be changed solely at the discretion of Bonterra.
Services outside the scope of Maintenance
The following are outside the scope of Maintenance and will not be provided unless there is an Order Form identifying the services and costs for providing them.
Evaluation of new Service or hardware - Evaluation or approval of new Service or hardware for Customer’s internal use. This includes systems developed outside of the Website and Service, such as third-party systems, or systems developed by Customer.
Procurement of new Service or hardware - Procurement of new Service or hardware for Customer’s internal use, or for use by internal staff of Customer. All Service or hardware required for Customer to access Bonterra’s Services will be Customer’s responsibility.
On-call support management - Bonterra’s support managers are not required to be on call. If at a later date Customer requires the support manager to be on call for a specific purpose, or on a longer-term basis, then the support managers will be compensated at the then standard on-call rate, and the Customer shall be charged for this service.
Custom Reporting - Bonterra may, at its own discretion, meet a specific requirement for a report requested by the Customer. This effort will be billable at the then current rate and be outlined to the Customer before any work begins. This work will be scheduled strictly on a first come, first served basis. Additional charges may result if Customer requests an increase in the priority of their request.
Customer requested training - Bonterra will provide Customer-requested training on a time and material basis. Bonterra training staff will be compensated at the then current rate for education by the Customer. Bonterra strongly encourages its Customers to take advantage of the free training provided by Bonterra on a regular basis through the support organization. Bonterra also offers recordings of some of its classes. Visit the Training page on the Bonterra website to learn more.
Upgrades to application Service and associated hardware - Periodically, Bonterra will upgrade or will require an upgrade of an existing system or third-party Service housed at Customer’s site in order to maintain support. These upgrades may include a requirement for Customers to upgrade operating systems and/or browsers and other Service.
Assistance with Customer’s application usage - Advice about or education on how to use applications, including completing transactions, creating users within or for an application, or on the purpose of an application other than applications provided by Bonterra.
Assistance with Customer’s application environment support - Advice about how to use, maintain, and support application environments, including application development tools, application server Service, and databases other than applications provided by Bonterra.
Assistance with application usage when unsupported or nonstandard hardware or Service is involved - Use of unsupported or nonstandard hardware or Service often results in unexpected behavior of otherwise reliable systems.
Enterprise Administration - Defined as activities relating to the customization and use of Bonterra applications for use by the Customer. Customer is required to provide a technical resource (“Enterprise Administrator”) to provide administrative support for Bonterra’s applications on an ongoing basis.
Enterprise Administration Services - Should the Customer be unable to provide an Enterprise Administrator, Bonterra will provide such a resource on behalf of the Customer. This resource will be billable to the Customer at Bonterra’s then-current rate for enterprise administration services.
New development - Any change in a database or system that involves functionality not within the current production version of the Service, even if the new functionality would seem to be an improvement over the old one.