Security in Transit and At-rest
Data is encrypted at rest, and in transit it is protected through SSL and TLS 1.2 encryption.
The connection between the client and the presentation layer uses an encrypted SSL (https) 256-bit certificate connection, along with usernames and passwords and optional two-factor authentication.
Our solutions use secured, encrypted (https) WCF web services for connections between the presentation layer and the service layer.
- All passwords and selected fields throughout the database are encrypted with salt.
- All SSL certificates are regenerated every 2 years to meet the latest CA/B Forum security standards.
- Privacy is further ensured through document encryption where sensitive documents are password protected with 256-bit AES encryption. When we encrypt files with a password, the password is encrypted in the system. We also encrypt any sensitive data fields in the system.
Security, Privacy, and Confidentiality
We work with all our customers to define the Roles and Permissions so that users can safely maintain client confidentiality without complex or time-consuming settings. We provide training and helpful tips on how to protect confidentiality and privacy and make working with our tools and across groups straightforward.
One of Run Straight's value-adds is that if any data classification or security concerns are identified by ourselves, the customer, or third parties, Run Straight can make the required adjustments in-house with our level of access and control over the entire infrastructure and code.
Exceeding Data Classification Security Requirements
Run Straight products have been successfully certified several times through the rigorous 'high-security' level of Privacy Impact Assessment (PIA) and the Threat Risk Assessment (TRA). If any data classification constraints are identified during solution delivery, Run Straight can make the required adjustments to meet customer needs, as Run Straight owns all the code and changes, with our level of access and control over Run Straight's infrastructure and code.
Our Security Policies cover:
- Application Security
- Security in Transit and At-rest
- Active Monitoring, and our Run Straight Information Security Objectives & Controls for:
  - Privacy Policy
  - Incident Management Policies & Procedures Guide
  - Security Policy & Breach Procedures
  - Customer Communications Plan
  - RS Internal Policies & SOPs
  - Service Continuity Plan
  - Password Management Policy
Password Management
Our solutions have robust implementation features for Password Management, Access and Authentication. Authentication is performed through:
- Forms, SAML or Windows/Azure AD with optional Two-Factor Authentication (SMS, Email, SurePass hard/software token)
- The 2FA code can be an optional User PIN plus token code, or just the token code
Users can reset their passwords from their profile at any time, or, if they have forgotten their password, they can request a password reset from the login page.
Active Monitoring
Run Straight runs its own Active Monitoring services using our own RS-Reports and Service Desk. Active Monitoring looks for multiple types of malicious activity, poor performance, unexpected API connections, general statistics, and unexpected events and errors. All results are channeled to our RS-Reports and Global Incident Management System using ITSM standards.
Innovations
With our latest releases of RS-CMS we have brought our customers several new innovations. These include enhanced reporting capabilities, a separate Auditing module to enable greater continuous improvement, and more integration with other Microsoft Services including Office 365 Applications, Power BI, and SharePoint Enterprise Content Management and Analytics with Active Monitoring. We have also developed additional mechanisms for customers to securely enter and manage case information by speech-to-text and through SMS. We have also integrated Learning Management Services and Service Desk features for even better user adoption and support with our available Full Service (Tier 1 to 5) Service Desk.