ScreenHubb Security Overview
This article is intended to provide a general overview of system security. Security considerations exist at a number of levels: policy, application, machine, network, and so on. We have broken down this security overview into subcomponents to help you distinguish between these various elements.
The Screenhubb platform account management system provides robust controls to help you secure your data.
- User management controls and fine-grained permissions let you determine what can be seen and done by individuals or groups.
- Access logs track user activities within the system.
- General policy, infrastructure, and design considerations help support a well-rounded security implementation.
Screenhubb is hosted on the Microsoft Azure Cloud Platform. Azure's infrastructure is designed as a secure foundation that can host millions of customers simultaneously, giving you control and customization via a wide array of configurable security options. Azure prevents unauthorized and unintentional transfer of information between deployments in a multi-tenant architecture, with:
- Virtual local area network (VLAN) isolation
- Access control lists (ACLs)
- Load balancers and IP filters
- Traffic flow policies
- Network address translation (NAT) (to separate internal network traffic from external traffic)
- Much more...
Screenhubb relies on the power and stability of Microsoft SQL Server to provide fast, robust, and stable database storage and retrieval.
- Database mirroring with real-time failover protection ensures that the system will be resistant to interruptions of service.
- Database logging tracks individual field changes.
- Field-level data encryption protects personal identifiers such as Social Security Numbers, Driver's License Numbers, and Birth Dates, as well as protected health information. Encryption of data at rest is achieved in accordance with the guidelines specified by the NIST Guide to Storage Encryption Technologies for End User Devices.
In order to comply with the highest security standards of our users, government agencies, hospitals, and private individuals, our policies, network architecture, and software are designed with the aim of implementing the following security recommendations:
- General system architecture and company policies aim to implement all pertinent recommendations outlined in NIST Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations. This is a matter of policy, persistent audit, review, and development process.
- Encryption of data at rest is achieved in accordance with the guidelines specified by the NIST Guide to Storage Encryption Technologies for End User Devices.
- All data channels are secured in compliance with the NIST Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. Accordingly, at the time of this writing, end-user browsers must be compatible with TLS 1.2.
The Screenhubb software platform is certified PCI DSS compliant by Trustwave, ensuring that your financial transactions are secure and protected. Screenhubb uses Authorize.Net to process financial transactions and securely store customer payment information. Other system elements and policies that contribute to satisfying PCI requirements:
- Secure Network and Systems
- Protect stored cardholder data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
As your HIPAA Business Associate, DrugPak LLC is committed to the highest standards of HIPAA compliance as we help you manage protected health information in the course of doing business.
- The system complies with the HITECH Act of 2009.
- The DP Web End User License Agreement contains an embedded HIPAA Business Associates Agreement (BAA).