Security for compliance & peace of mind.

We use best practices to make sure your data is secure and accessible by partnering with nationally recognized vendors for server hosting, monitoring and backups. Encrypted data transmission, activity and modification reports, and user permissions all uphold HIPAA compliance.

Permissions

You can customize every user’s access to SAM by very specific criteria, such as Children in a specific country, stage, Social Worker, County, date or program. These criteria are available for any field, so you have vast options in determining the view a user has to client records.

Permissions also determine if users can develop lists, build templates, work with events, send bulk emails and view system modifications. Permissions are applied throughout SAM, including reports. Access Denied messages alert users of their Permission limits and this is tracked for auditing.

Hosting Environment

Our Dedicated Servers are hosted in a secure, professional hosting environment.

Our web and database servers are physically separate servers connected by a private network, so the data goes directly between the servers. Our servers are considered "Enterprise" level and have Intel Xeon processors with redundant hard drives.

Each client's database is siloed to ensure that there isn't a way for users of one database to gain access to another. This is why there is a unique login link for each database.

Encryption

SAM automatically redirects users to a secure 128-bit (2048-bit Public Key) SSL Connection. Encrypted fields are stored using a database-unique 64-character key and a unique salt per record/field. User passwords are stored in a one-way hashed format, meaning they cannot be decrypted, so that even database administrators could not log in to SAM as another user.

Data Backup

We perform database backups nightly and use the Amazon S3 and iDrive backup services to back up offsite. All offsite backups are automatically encrypted with a security key only known to the corporate officers. Offsite backups are incremental and can be restored up to 3 months in the past.

Also, all our servers deploy a form of redundant RAID so that a hard disk failure doesn't lose any data.

Added User Security

Users are issued a special session token at login, which expires after a period of inactivity or at logout. The session token is validated at each user page request.

Firewall

Our web servers have a firewall that prevents all incoming connections except HTTP, HTTPS, RDP, and ServerBeach LifeGuard Monitoring. Our database servers have a firewall that prevents all incoming connections, except the SQL Server port from the web server. 

Latest Updates and Patches

Our servers automatically install the latest updates and patches, and we ensure that they are restarted at least weekly if required by the updates.

Framework

SAM is built using the ASP.NET 2.0 framework, runs in IIS6 or IIS7, uses SQL Server and is optimized to take advantage of new data types and query options. We use AJAX to achieve lightning fast responsiveness and load times.

Documents and Photos are stored outside of the database to maximize speed when moving around in SAM, and access to each document is authenticated against the user's permission level, as an additional layer of security.

Access Restrictions

Only the main Administrators at Inreach have login access to the hosting servers. We don't allow any third-parties or contractors to log in to our servers; not even our hosting provider. 

An FBI background clearance is performed on every Inreach employee or contractor, and access to a client’s system is only provided when necessary for support or troubleshooting purposes. A unique login with a unique password is required for each system that an Inreach employee or contractor has access to. Any pages viewed by an Inreach employee or contractor are tracked via the Activity Tracking report and data modifications are tracked via the Modification History report.