Security

SSL/TLS

Pims software is configured using Best Practices for SSL and TLS Deployments as provided by Qualys SSL Labs. Settings are continuously reviewed and updated as needed.

More technical information regarding SSL/TLS Best Practices can be found here

Encryption

Data is encrypted at rest by Windows Server and Azure Storage Encryption. All writes are encrypted by using 256-bit AES Encryption. Data in transit is protected by 256-bit SSL Encryption using a 2048-bit RSA key.

For more information regarding Azure storage and encryption, visit this link

Access

Pims software can be configured with both single-factor and multi-factor authentication. For single-factor authentication, we use SQL Server Authentication. Multi-factor authentication can be either Active Directory Federation Services or Office 365 authentication.

Logging

All user access to the system and all user actions in it are logged and auditable.

Policy Review

Our Security Policy is subject to a continuous review process. As the landscape of security issues and threats is rapidly changing, the security policy is updated when the need for changes emerges.

Security Audit

Internal Security audits are performed annually in cooperation with our partner KPMG.

Software development

Software is developed with Data Protection by Design; please see document

Backup & DR

Encrypted backup

Databases are backed up using SQL Server system procedures to Azure Storage Services. Filesystem data is backed up to Azure Backup Vault. Both backup methods encrypt data at rest using 256-bit AES encryption.

More information regarding Azure Storage and Azure Backup Vault can be found here and here

Monitoring of backup schedules

Backups are monitored and alerts are sent notifying Pims technical staff if there are anomalies in the backup schedules. Appropriate action will then be taken to remedy the situation in case of failures.

Disaster Recovery

Disaster Recovery policies have been developed to minimize RTO and to provide clear guidelines in the event of a system failure requiring a DR. Our policies are continuously reviewed, and technical staff are regularly trained in DR scenarios to ensure the best possible service and minimal downtime of the solution in the event a DR needs to be performed.

Architecture

SLA

Standard SLA for a Pims Cloud installation is 99.5% guaranteed availability. Availability will be calculated monthly, and in the event of an SLA breach the customer will be credited for the registered downtime.

Exclusions. Downtime caused by any of the events noted below will be excluded from the Hosted Service availability calculations (“Excused Outages”):

  • Customer environment issues affecting connectivity or interfering with the Hosted Services, including without limitation, Customer’s connection to the Internet (i.e., problems with the Customer’s Internet Service Provider, modem, cable, DSL or dial-up connection, cellular phone connection, Wi-Fi or mobile hotspot, or other Customer Internet connectivity issues) or any other Customer software or equipment, Customer’s firewall software, hardware or security settings, Customer’s configuration of anti-virus software or anti-spyware or malware software, or operator error of Customer.
  • Third party attacks, including without limitation, hacks, intrusions, distributed denial-of-service attacks or any other third party actions intended to cause harm to or disrupt the Hosted Services, the Pims Solution's servers (including without limitation, ecommerce software, payment gateways, chat services or third party archiving services).
  • Verified bugs of any third party software used in conjunction with the Hosted Services (including Microsoft software), hardware failure and failure of third party professional services.
  • Force majeure events, including, without limitation, fire, flood, earthquake, elements of nature or acts of God; third party labour disruptions, acts of war, terrorism, riots, civil disorders, rebellions or revolutions; quarantines, embargoes and other similar governmental action; or any other similar cause beyond the reasonable control of Omega AS.
  • Issues related to third party domain name system (DNS) errors or failures.
  • Scheduled maintenance of the Hosted Services, conducted on a regular basis, weekly and monthly. Maintenance details will be posted in Pims Management Center.
  • Emergency maintenance of the Hosted Services, not to exceed 2 hours in any month.

Customer Solution Isolation

Each client's application has its own Azure environment, isolated from other clients' applications.

Physical Security

All application data is hosted in Microsoft Azure datacentres. These meet a broad range of international and industry-specific compliance standards. Rigorous third-party audits, such as by the British Standards Institute, verify Microsoft Azure's adherence to the strict security controls these standards mandate. Please see Azure Trust Center for compliance information here

Redundancy

By default, Azure installations have an SLA of 99.9% guaranteed uptime.

If requested by the customer, the Pims Cloud solution can be configured with redundancy as outlined in this document from Microsoft, as well as in the Azure Reference Architectures outlined here.

Note: this is not a standard offering and will be handled individually for each customer.

Integration

Office365

Through our integration with Office 365 (Graph API), we can provide Single Sign On, SharePoint, files and mail integration.

Power BI

Using our API, it's possible to integrate Pims with Power BI. Access to select resources can be managed from Pims on a per-user basis. This gives great flexibility and control over who has access to the information and what information is being accessed.