• Data Encryption
• Firewalls
• Authentication
  
• Regulatory Compliance
• Private Cloud Details
• Architecture
• Database Access
• Disaster Recovery
• Application Updates
• Integrify API

Data Encryption

Integrify Encryption in Transit

The connection uses TLS 1.2. The connection is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism.

Integrify Encryption at Rest (Optional)

Amazon RDS encrypted instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS instance. Once your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance. You don't need to modify your database client applications to use encryption.

Amazon RDS encrypted instances provide an additional layer of data protection by securing your data from unauthorized access to the underlying storage. You can use Amazon RDS encryption to increase data protection of your applications deployed in the cloud, and to fulfill compliance requirements for data-at-rest encryption.

Firewalls

Integrify uses load balancing firewalls to permit only customer approved IP blocks to access the application and only on necessary ports. Certificates (SSL) are also installed at this level to assure all communication between the firewall and the browser is secure.

Authentication

Integrify Database Authentication 

(Availability: Standard Cloud, Private Cloud and OnPremise)

User profiles stored in Integrify. Passwords are hashed using bcrypt.  User Name and Password managed in Integrify.  Password pattern and length requirements as well as expirations settings can be used to enforce corporate password policies.

Integration with SSO/ADFS/SAML2.0 

(Availability: Standard Cloud, Private Cloud and OnPremise)  - a one time setup fee would apply

This option delegates authentication to your IDP using the standard HTTP POST SAML2.0 flow. Integrify will initiate an AUTHN request to your IDP and redirect the user to your authentication endpoint. Your IDP will authenticate the user and then cause the user’s browser to post a SAML Assertion with the user’s profile information to the Integrify ACS URL. Integrify will validate the SAML Assertion with the signing certificate provided by the IDP. If Valid, Integrify will provision the user  or update the user’s integrify profile if it already exists. Endpoints and attributes mappings will be exchanged as part of the setup. 

Windows Integrated Authentication (pass-through) and AD Sync Information 

(Availability: OnPremise only)

Users are logged into Integrify automatically based on their network user name.

Regulatory Compliance

SOC 2/3 Service Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Integrify's cloud applications achieve key compliance controls and objectives. These reports allow auditors to understand the controls established to support operations and compliance. Reports available upon request.
HIPAA Integrify can provide a Business Associate Agreement (BAA) certifying that our Cloud instances are compliant with HIPAA requirements. Customers can leverage the secure Integrify environment to process, maintain, and store protected health information. BAA Agreement available upon request.
FDA/21 CFR Part 11 This regulation ensures that companies and organizations implement good business practices by defining the criteria under which electronic records and signatures are considered to be accurate, authentic, trustworthy, reliable, confidential. Our software provides customers the necessary tools and technology to meet FDA/21 CFR Part 11 guidelines. Read More on Integrify's 21 CFR Part 11 Compliance

GDPR (General Data Protection Regulation) Compliance

Integrify is hard at work ensuring that our software and internal practices are GDPR compliant for our customers in the EU as both a data controller (our internal corporate systems) and data processor (the Integrify application) and we fully expect to be compliant by the May 25, 2018 deadline.

To meet the GDPR requirements for Data Processors we ensure the safety and security of the data our customers control on our platform.

Data Security

Integrify's Cloud application is hosted securely on AWS. AWS complies with the General Data Protection Regulation (GDPR) and adheres to the data protection standards required of data processors by the GDPR.

Monitoring and Breaches

• Integrify performs continuous monitoring and reporting on vulnerabilities and potential configuration flaws in cloud workloads including an incident audit trail for auditors and regulators.
• Integrify performs log security monitoring, daily review, and archive to detect attacks and provide evidence for regulators.
• Integrify provides network monitoring and analysis for suspicious activity and data breaches by security experts 24x7x365.
• Integrify provides notification and guidance to for data breaches within 24 hours to supervisory authority and affected customers.

Private Cloud Details

• A virtual machine running a dedicated Integrify server license
• Your dedicated Integrify instance is not shared with outer customers providing total isolation
• Isolated SQL Server database running on Amazon's RDS
• You will have direct access to the SQL Server database used by your Integrify instance allowing you to use third party reporting tools, manage lookup tables or link to other databases in your enterprise.
• Data backed up nightly and retained for 3 days.
• Instant hardware failover - if the hardware fails, your instance is immediately backed up
• VPN connection to your network (optional)
• Fully managed by Integrify - No hardware or software licenses or maintenance required
• Your own unique URL

• Ability to authenticate users and sync with Active Directory through SAML/SSO.
• AWS RDS for Sql Server instance: http://aws.amazon.com/rds/sqlserver/
• This is a managed service and access is available through SQL Server Management Studio. RDP access or access to the file system will not be available.
• Multiple databases can be added to the instance and multiple schemas in each database.
• NOTE: If you plan to do activities with the databases not related to Integrify, the other option is to buy your own database instance on Amazon - either a dedicated VM or RDS instance and let the Integrify server connect to it on the local network. This would keep performance up while keeping the server isolated from the Internet.

Architecture

Database Access

(It is not required, but available both OnPremise and in a Private Cloud.)

Access can be provided to the Integrify DB and tables to client Administrators.

Disaster Recovery

Backup Processes

In the Integrify Cloud (Standard or Private) snapshots are taken every 15 minutes,  with a snapshot being copied to a disaster recovery data center once a day. For OnPremise deployments, clients can follow their normal DB backup procedures.

Off-site Data Storage

Integrify utilizes AWS for Cloud deployments. For more detail see here: https://aws.amazon.com/backup-recovery/

Replication Process

Integrify utilizes AWS for Cloud deployments. For more detail see here: https://aws.amazon.com/backup-recovery/

Data Retention

No data is deleted from the Integrify database, through the Integrify system. Only soft deletes are able to be made. In the Integrify Cloud (Standard or Private) full backups are done daily, incremental backups are done every 15 minutes – with a daily backup distributed to a separate data center for disaster recovery. For OnPremise deployments, clients can follow their normal DB backup procedures. Integrify utilizes AWS for Cloud deployments. For more detail see here: https://aws.amazon.com/backup-recovery/

Application Updates

Update Management

If deployed OnPremise, customers utilize the Integrify OnPremise Manager for updates to the platform. If deployed in the Cloud (Private Cloud) Integrify manages Private Cloud instance as a managed service as part of the annual subscription. Private Cloud instances are single tenant with a SQL Server DB instance for each client. (Note: all Integrify clients whether single tenant or multi-tenant, have their own DB instance).

Monitoring

Integrify monitors the performance of the Integrify cloud and pro-actively alerts Support Group members if needed. Integrify utilizes AWS to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes.

Platform Upgrades

For OnPremise deployments, Integrify makes updates to the platform available to the client to download and install. Clients can utilize the Integrify OnPremise Manager to update their installation. Minor software updates are made available monthly and are inclusive. A client may skip several months and then install the next available update and it will include all prior skipped minor releases. In the Integrify Private Cloud, this is provided as part of your annual subscription as a managed service.

Integrify API

Integrify has several tasks types referred to as Plugins that enable to call out and call in data from a variety of interfaces. Our REST and SOAP Plugins enable calls to be made during process execution. This information can be utilized within the process/request itself and also be saved within Integrify and other custom data structures to be utilized later during other processes or actions.

• REST Client documentation
• SOAP/Web Service Documentation

Integrify also has an API Kit that enables triggering of actions programmatically through RESTful services. Nearly any action that can be triggered through our end user interface can also be triggered through RESTful services – such as initiating a process, executing a task, running a report and much more. Integrify API documentation can be found here: https://developer.integrify.com

Incident Management

Integrify's platform can be used as an incident managment system, allowing users to report security breaches or safety issues which then follow the chain of action and approval.