Our Security Measures
The inReach Network team takes great strides to ensure your data is secure by addressing security from many angles. Below are some of the security measures included in the inReach Network system.
Secure Cloud Environment
The inReach Network system runs on Amazon Web Services (AWS). AWS is a proven, reliable, fault-tolerant, scalable and highly available cloud service. Features available at AWS include firewall protection, state of the art fire detection and suppression, constant operating temperature and climate, redundant power supply and network connectivity methods, numerous compliance certifications and strict physical security of data centers.
The inReach Network system resides in an Amazon Web Services (AWS) Virtual Private Cloud (VPC) which is a virtual network dedicated to the inReach system. It is logically isolated from other virtual networks in the AWS cloud.
Secure Web Applications
Web application security scans are utilized to discover potential security vulnerabilities and architectural weaknesses. Security scan results are analyzed to determine if additional security precautions need to be implemented.
High priority patches are applied as soon as possible to alleviate vulnerabilities and threats.
Secure Access to Data via Encryption
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are utilized for ensuring an encrypted link between web servers and browsers so data transfers remain secure and protected. Front-end web servers request and obtain data from the database servers through API servers. After users are authenticated, an encrypted JSON Web Token (JWT) is created which identifies the user. All API requests must include the JWT Token to verify the user is authorized to perform the requested operation. Tokens are implemented with expiration policies.
Access to Data Logically Controlled
Access to data through the inReach Network applications is strictly controlled by organization ownership, users and roles. Assigned organization administrators have full control over user accounts and access levels for their organizations.
Users of the inReach Network will only see information and case files when appropriate permission is granted. Sharing case files amongst organizations are to be approved by the client. Approvals are to be stored in the case file.
HIPAA compliance of data has been verified by legal counsel. Multiple warnings are posted within the system to remind users to not enter HIPAA information in case files or when applying for assistance.
PII compliance of data has been verified by legal counsel. Multiple warnings are posted within the system to remind users to not enter PII information in case files or when applying for assistance.
Access to Data for Support Personnel
inReach Network Tier 2 support personnel do not have access to an organization’s data (including case files) unless granted by an organization’s administrator.
Only a small number of highly trained inReach Network Tier 3 support personnel have access to the inReach Network database tables. Tier 3 will not have access to an organization’s data through the application unless granted by an organization’s administrator.
Database backups are stored for 7 days within the AWS environment. Also, database snapshots are taken every 5 minutes. In the event of catastrophic failure within the AWS data center, there will be no more than a 5 minute loss of data.
USER LOGIN SAFEGUARDS
Complex User Password Requirements
Strong passwords are required for access to the inReach Network system. Passwords must be a minimum of 8 characters in length and must contain at least one upper case letter, one lower case letter and one number.
inReach Network users will be logged out after a period of inactivity to reduce the likelihood of an unauthorized person accessing their account.
Passwords Reset on a Regular Basis
User passwords must be reset, at a minimum, every 90 days. A password cannot be reset to it’s prior value forcing the user to choose a new password.
Disabling User Login After Unsuccessful Logins
After numerous unsuccessful attempts of logging in, a user’s login will be disabled. Users can follow the necessary steps to reset their password.
Email Notification When Your Email Address Has Changed
If a user’s email address is changed, they will be notified via email to the prior address and the new address. If the user did not change their email address they will be directed to contact their system administrator.
Email Notification When Your Password Has Been Changed
When a user’s password is changed, they will be notified via email. If the user did not change their password they will be directed to reset their password and contact their system administrator.
Strong Password Encryption
User passwords are stored using Security Hash Algorithm (SHA) encryption.
The inReach Network administrators take data security very seriously and stay up to date on trends to ensure optimum security.