Is my Neoserra database secure?
Yes! OutreachSystems provides state-of-the-art Client Activity Tracking Systems that are designed to never compromise your clients' data. We know that security is crucial to you and your clients, which is why we also make security our top priority.
First of all, OutreachSystems will apply all reasonable safety and security measures to protect against unauthorized access to your data. Our staff may access your database solely for the purposes of assisting you with customer service requests. Our terms and conditions clearly state that we will never use your data for any other purpose:
- OutreachSystems will not sell, lend, rent, encumber, pledge, lease, or transfer Customer's Property. Except as authorized by the Customer, OutreachSystems will not disclose to any other party, or use for its own benefit, any data contained in Customer database.
Your Neoserra database is hosted in two separate secure co-location facilities - one located on the East Coast, servicing all clients in the Central and Eastern time zones; and one located on the West Coast, servicing all clients in Western and Mountain time zones. The co-location facility is managed by Amazon and provides 24-hour physical security, redundant electrical generators, redundant data center air conditioners and other back-up equipment designed to keep servers continually up and running. Unauthorized users are not able to access the Neoserra servers where your database is hosted.
Backup and Recovery
The Neoserra databases are hosted in two separate Amazon Web Service (AWS) regions: AWS Oregon and AWS N. Virginia.
Each night, every Neoserra database is backed up to another server in the same AWS region as the SQL Server. These backups are compressed and then uploaded to the Amazon S3 service in a different region. OutreachSystems maintains backups going back 365 days. Non-relational data is also synchronized to the alternate region in a hot-standby location. The master service directory database is replicated real time in three data center locations (the regions and corporate).
In the event of the catastrophic loss of a region, the most recent backup will be extracted from the Amazon S3 service in the backup region. The backup will be restored and the Neoserra master directory will be updated to reflect the new region of service.
As indicated in the following table, work priorities are organized from critical to routine and allocated response and completion time:
|Critical||2 hours||24 hours||Immediate risk to data integrity and business continuity|
|Urgent||8 hours||48 hours||Prevention of critical time-sensitive function|
|Important||24 hours||7 days||Possible risk to operation|
|Routine||48 hours||28 days||No immediate impact on operations|
|Planned||14 days||As planned||Subject to planning|
SQL Server Security
Neoserra is based upon the robust Microsoft SQL Server database that is capable of handling thousands of records and multiple concurrent users. Since we have multiple SQL servers there is no one version of SQL that is employed but all servers are version 2014 or later. All database transactions utilize TSQL stored procedures for increased database security and efficiency.
Only OutreachSystems staff has direct access to the SQL Servers. Passwords used by the Outreach staff are changed on a regular basis.
Access ID and Password
Neoserra is accessible on the Web using Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari. Neoserra is designed to limit online access to those users possessing the username and password associated with their account(s). Neoserra employs 2-Factor Authentication which means that in addition to a password the user will need to authenticate themselves via a second medium.
One administrator account will be provided when your database is initially configured. The administrator, assigned by the lead center, will be responsible for providing usernames and passwords to all users. Users should never share their login account information and their passwords should conform to the following requirements:
- Whenever possible, you should use at least 14 characters or more (a minimum of 10 is required).
- Passwords must include mixed-case characters, digits and specialty characters.
- Passwords should use the entire keyboard, not just the letters and characters you use or see most often.
If a Neoserra user is no longer active with your program, it is imperative that you inactivate their login account!
Your Neoserra database is accessible via a secure https URL. The encryption technology in place (currently, RC4 128 bit SSL/TLS) allows for the protection of data in transit between your computer and ours.
The off-site backups are encrypted when they leave the primary co-location facility.
The Neoserra servers include "firewalls" that we monitor and that are designed to protect against unauthorized access to our systems.
How to Protect Yourself Online
Beyond the security measures offered by OutreachSystems, each user should also exercise certain precautions to protect themselves and the Neoserra data from unauthorized access.
User ID and Password
Users should follow these rules to protect themselves and the data in the Neoserra database:
- Never disclose your username or password to anyone else.
- Memorize your username and password, and make sure not to write them down.
- Don't use birth dates, names, or other easily guessed combinations of letters or numbers
- Don't be taken in. OutreachSystems will never send you an e-mail asking for your username or password.
In addition to the recommendations listed above, administrators should also be aware of all employees who are no longer with your organization. Usernames and passwords associated with employees who have left your organization should be immediately revoked. Users who believe that their passwords have been compromised should immediately notify their administrator and change their password.
When you are done online, log off. We suggest you do this before you shut your computer off. By default, Neoserra will automatically log you off after 12 hours of idle time.
Individual Computer Security
All users should protect their own computer by doing these things:
- Keep your operating system and browser up to date.
- Install a personal firewall.
- Install anti-virus software and keep it up to date.
- Scan your computer for spyware on a regular basis.
- Never download programs or files from unknown sources.
Want more? Browse our extensive list of Neoserra FAQs.