iThinQware Security and Compliance
Security and Backups
iThinQware Web Services (iThinQware) delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable customers to build a wide range of applications.
In order to provide end-to-end security and end-to-end privacy, iThinQware builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features. In addition, iThinQware customers must use those features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to iThinQware, as is maintaining trust and confidence.
iThinQware provides a wide range of information regarding its IT control environment to customers through white papers, reports, certifications, and other third-party attestations. This information assists customers in understanding the controls in place relevant to the iThinQware services they use and how those controls have been validated by independent auditors. This information also assists customers in their efforts to account for and to validate that controls are operating effectively in their extended IT environment.
This page contains the following categories of information. Click to jump down:
At a high level, we’ve taken the following approach to secure the iThinQware infrastructure:
The iThinQware Security Center provides links to technical information, tools, and prescriptive guidance designed to help you build and manage secure applications in the iThinQware cloud. Our goal is to use this forum to proactively notify developers about security bulletins. Such transparency is the backbone of trust between iThinQware and our customers.
Certifications and Accreditations
SOC 1/SSAE 16/ISAE 3402
iThinQware Web Services now publishes a Service Organization Controls 1 (SOC 1), Type 2 report. The audit for this report is conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards. This dual-standard report can meet a broad range of auditing requirements for U.S. and international auditing bodies. The SOC 1 report audit attests that iThinQware’ control objectives are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is on-going and we plan to continue our process of periodic audits. This audit is the replacement of the Statement on Auditing Standards No. 70 (SAS 70) Type II report.
iThinQware enables U.S. government agency customers to achieve and sustain compliance with the Federal Information Security Management Act (FISMA). FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure based on the National Institute of Standards and Technology Special Publication 800-53, Revision 3 standard. FISMA Moderate Authorization and Accreditation requires iThinQware to implement and operate an extensive set of security configurations and controls. This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure and the third-party audit of the established processes and controls. iThinQware has completed the control implementation and successfully passed the independent security testing and evaluation required to operate at the FISMA-Moderate level. iThinQware storage solutions provide this control and audit documentation to government agencies that can use it to certify their systems at the FISMA-moderate level.
PCI DSS Level 1
iThinQware has achieved Level 1 PCI compliance. We have been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). Merchants and other service providers can now run their applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. Other enterprises can also benefit by running their applications on other PCI-compliant technology infrastructure.
iThinQware storage solutions have achieved ISO 27001 certification for Information Security Management System (ISMS) covering infrastructure, data centers, and services including iThinQware Public Safety IT (iThinQware PSIT). ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that’s based on periodic risk assessments. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces iThinQware’s commitment to providing transparency into our security controls and practices. iThinQware’s ISO 27001 certification includes all iThinQware data centers in all in-scope regions worldwide and iThinQware has established a formal program to maintain the certification.
International Traffic In Arms Compliance
The iThinQware Public Safety IT (PSIT) region supports US International Traffic in Arms Regulations (ITAR) compliance. As a part of managing a comprehensive ITAR compliance program, companies subject to ITAR export regulations must control unintended exports by restricting access to protected data to US Persons and restricting physical location of that data to US land. iThinQware Public Safety IT (PSIT) provides an environment physically located in the US and where access by iThinQware Personnel is limited to US Persons, thereby allowing qualified companies to transmit, process, and store protected articles and data under ITAR. The iThinQware Public Safety IT (PSIT) environment has been audited by an independent third party to validate the proper controls are in place to support customer export compliance programs for this requirement.
The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information. To support customers with FIPS 140-2 requirements, the iThinQware Virtual Private Cloud VPN endpoints and SSL-terminating load balancers in iThinQware Public Safety IT (PSIT) operate using FIPS 140-2 validated hardware. iThinQware works with iThinQware Public Safety IT (PSIT) customers to provide the information they need to help manage compliance when using the iThinQware Public Safety IT (PSIT) environment.
The flexibility and customer control that the iThinQware platform provides permits the deployment of solutions that meet industry-specific certification requirements. For instance, customers have built healthcare applications compliant with HIPPA’s Security and Privacy Rules on iThinQware.
What makes iWatch different? It’s very simple: iWatch™ is a complete suite of services designed to replace old school, low-tech systems with no integration to CAD, dispatch, reverse 911, video monitoring or social networking tools.
Think about how old word processing programs evolved to become Microsoft Office Suite and how televisions have become home entertainment centers with satellite and internet connections. iWatch™ is that evolution.
Press conferences, press releases, public statements, and tips issued through the news media are still powerful tools – but they are not sufficient in today’s interconnected, Internet enabled world.
iWatch™ is a 21st century community policing suite, or “Community Policing 2.0,” as it’s been called.
The system is simple and elegant. Far more than “just a form,” the mobile app allows users to submit text only tips, free form tips with images and videos, or voice tips. All tips, regardless of the source, are 100% anonymous. Users can submit both new tips and tips that are related to prior offenses.
The law enforcement only dashboard uses powerful, built-in geo fences to show where, when and to which agency, division or department a tip is assigned. Officers can subsequently respond to tipsters in a real-time, anonymous two-way text chat using any of 32 languages.
The strength of the iWatch system lies not only the ability of citizens to report suspicious activity via SMS text (along with images, video attachments and geolocation information), but also in the power of the iWatch web interface.
iWatch allows any authorized agency member to measure and evaluate the exigency of a tip and electronically transfer the tip, along with additional investigative information, either to other agency members or to external law enforcement and other partner organizations. iWatch leverages the two-way real time dialogue common in social networking platforms along with the technology infrastructure and platforms that are already used by agencies and their personnel, e.g. mobile phones, PDAs, computers and other web-enabled devices.
iPredict dashboards include comprehensive reports with automatic notification and alerting. Questions?
We want to create reports that are sent automatically. Learn about iPREDICT.
Are you managing a marketing or IT budget and need an estimate? Look no further.
iWatch Is Affordable. Start with iWatchLTE for as little as $2850.00, including hosting, or for larger cities we offer iWatch Fusion. Dream as big as you want. We've got the solutions you seek
click here >>
Download Brochures and Case Studies We've got everything you need in one place to make an informed choice about your marketing communications and web promotional needs.
click here >>