Security

Security is a big topic for System One. In this document you will learn about various technical and organizational measures we take to keep your data in our application secure.


Security Team

Our team is constantly monitoring security notifications from all 3rd party software libraries and if identified, we immediately apply any relevant security patches as soon as they are released.


Encrypted communication:

Communication between clients and our servers are encrypted with SSL (Secure Sockets Layer). This link ensures that all data passed between the web server and browsers remain private and integral.


Infrastructure:

All of System One's application and data infrastructure is hosted on Microsoft Azure Cloud, a highly scalable cloud computing platform with end-to-end security and privacy features built in.
Designed with redundancy, fault tolerance and disaster recovery at the forefront, our services are distributed across different zones. All our infrastructure has production access restricted to operations support staff only. This allows us to leverage complete firewall protection, private IP addresses and other security features.
For more specific details, please refer to https://www.microsoft.com/en-us/trustcenter/security/azure-security.


Data Center

All data is stored in HIPAA compliant Microsoft Azure infrastructure, housed in Microsoft-controlled data centers. Only those within Microsoft who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. It is safe to say Microsoft is much better at physical security than we are capable of being, so we leave it to them.


Application

Company-specific data is kept separate through logical separation at the data tier, based on application-level access permissions and roles.