Solutions & Services
MainEDC™ is designed to help our Clients work securely with their data and deliver it to users, customers, partners, and investigators to drive better business outcomes. We protect Clients’ data, ensure the following security regulations, and mitigate all potential risks; all of these are essential for building trust and delivering a high-service level. We at Data Management 365 take a risk-based approach to security and technologies implemented to protect our customers.
Our implementation allows us to adhere to the following standards and best practices, demonstrating our commitment to customers’ security and privacy:
For EAEU regulations:
We use only the best scenarios and industry practices to keep and protect customers’ data: from physical security at the data centers to full control using audit trail at data level:
Processes and procedures
Our strategy revolves around clients’ data security. The key priority for us is well-educated personnel who understand their responsibilities and always keep their knowledge of Company procedures up-to-date.
Data Management 365 QA procedures provide comprehensive guidelines for security processes and policies to ensure the security of our customers data. We use validated Electronic Learning Management System (eLMS) to ensure that our employees are familiarized and trained in the applicable standard operation procedures and working instructions.
21 CFR Part 11
MainEDC™ is compliant with the FDA requirements (Part 11 of Title 21 of Code of Federal Regulations, U.S. Department of Health and Human Services; 21 CFR Part 11), including:
Data Management 365 confirm meeting 21 CFR Part 11 technical requirements by employing necessary operational procedures and controls that include validation of GxP functions to ensure accuracy, reliability, consistent intended performance, and the ability to recognize invalid or altered records.
We provide our customers the tools that allow them to meet their data controller responsibilities under the GDPR. The examples of such tools are:
Business Continuity and Disaster Recovery
We consider business continuity and disaster recovery planning as the best approach for the entire business. Planned activities include input from all functional and business areas, including IT support, human resources, administrative function, and disaster recovery planning for customer applications.
One of the most important aspects of our work along with multitasking and flexibility is the reliability of data storage and uninterrupted access to our services. We use the latest fail-safe technology to ensure the accessibility and security of data:
We use only certified data centers:
Our Data Centers
Currently Data Management 365 uses the following data centers:
We are constantly expanding the list of our data centers. Some data centers are used as part of a client specific agreement.
Virtualization, Replication, and Clusterization
We use Microsoft Hyper-V Server 2016 and the clusterization technology.
Private Cloud data storage
Each client is provided with their own private cloud hosted on Windows 2016. We do not use common databases, password databases or different access links for different clients within the same site. Each site has its own access level and own backup copies, thereby reducing the possibility of data leakage between different clients to an absolute zero.
All of our services are under 24/7 monitoring. We use both external services (Monitis) for general alerts (ping, https access etc.) and deep monitoring using Zabbix tool. Any potential infrastructure problems, connection problems and all the services are constantly surveyed, if the system recognizes a possible problem, the technical support team of the company immediately receives email, SMS alerts and Telegram messages.
We are in complete charge of the security of data, which is why we use the best experience in data storage and backup technology.
We use GFS (grandfather-father-son) tape rotation strategy.
We perform incremental backup two times per day including weekends.
We perform FULL backup every day including weekends.
We keep the last two weeks of data (14 tapes), one tape for the previous two weeks, one tape per each month of the year and one tape per each year all the time.
Each Monday, we deposit an encrypted ( 2048 key) backup in a bank safe (out of the data center).
All Data Centers used by Data Management 365 have passed the vendor assessment procedure according to strict corporate standards. All of the data centers correspond to the following criteria:
We are constantly expanding the approved list of our data centers.
Hardware and Internet Channels
We use only reliable servers, produced by Dell, HP, and Supermicro. Standard specification is: 2 x Intel Xeon Silver 4114 2.2 GHz, 20 cores, 128Gb DDR3, 6x 960 GB SSD, Raid 1 + Raid 10, 1000 Mbit/s Internet connection.
Data Management 365 uses the most reliable solution in terms of both the reliability of storage and the availability of data. As an OS level, we use the time-tested solution from Microsoft – Microsoft Hyper-V Server 2016 to maintain a robust disaster recovery strategy, we use two main technologies – replication and clustering (see Backup Strategy section). We keep all of the internal data and clients’ data only on virtual machines.
Thanks to the Microsoft Hyper V solution, any Virtual Machine with all of the data is replicated online to another data center.
The Failover Clustering feature enables Data Management 365 to create and manage failover clusters. A failover cluster is a group of independent computers that work together to increase the availability of applications and services. The clustered servers are connected by https online replication. If one of the cluster nodes fails, another node begins to provide service. Users experience only minimal disruptions in service.
Segmented/Isolated Client’s Data
Data Management 365 Platform provides each client with their own virtual environment and personal domain to access application. Therefore, the mixing of data is excluded. This physical security measure is in addition to the logical security measures.
All network access to the hosts is protected by a multi-layered firewall operating in a deny-all mode. Internet access is only permitted on explicitly opened ports for only a subset of specified hosts.
Virus, Spybot, Spam Scanning
In addition to our Firewall, Data Management 365 uses a number of scanning tools for the further sanitization of all data prior to its traversing to the data center networks. These scanning tools notify us if something malicious has made it through our defenses and may attempt to access our systems.
Data Management 365 servers are allocated to the different security groups with specific security settings. Separate VLANs are used for split testing, QA and production environments.
Data Management 365 Applications
The Data Management 365 applications don’t just provide the end users with the ability to access data, the system controls all of the security parameters of each system’s user according to the client specific model. Architecture relies on a centralized authentication and authorization security framework to control access to services. By default, each user must change the password every 90 days. Passwords are to be complicated and fulfill a number of requirements, including the number and type of symbols.
The system controls a number of access attempts and stops using the last user password after the 3rd selection attempt to reduce the risk of automated attacks against customer data. Our clients may also choose to implement Single-Sign-On (SSO) with their own access policies (including multi-factor access) to integrate user authentication with their own policy (e.g. Active Directory).
Data Management 365 platform supports Multi-Factor Authorization (MFA) using 3rd factor e-mail / text notifications.
User Session Expiration
User session expiration (timeout) allows our clients to specify a period of inactivity after which user sessions are terminated and users are automatically logged out of the Data Management 365 platform. In accordance with industry best practices, we recommend configuring the user session expiration for HIPAA compliance or other security sensitive solutions. By default, the timeout in the system is 20 minutes, which can be changed according to the client’s specific settings.
All traffic into and out of the Data Management 365 Platform is encrypted using TLS/SSL protocol that leverages either SHA-2 or AES algorithms.
Whether an end-user is accessing dashboards or reports in the Data Management 365 Platform user interface or an administrator configuring an environment using the configuration tools, all access to the user interfaces is encrypted via HTTPS/SSL.
Any integration with the Data Management 365 application programmatic interface (API) leverages HTTPS/SSL encryption.
Customer data may only be accessed through the application layer. Whether this access is through the user interfaces or through the available API, it enforces user access controls to regulate access to the customer data only to authorized users and Data Management 365 employees. Data Management 365 does not provide direct access to any database.
End User and Roles
User security is enforced via a variety of security measures allowing only authorized users to view a strictly defined set of data based on user’s role or personal settings. For example, a user with a CRA role will not be able to gain access to finance data, etc.
IP Whitelisting is an additional security feature in Flex Databases. This feature should be used to limit and control access based on a list of defined IP addresses or address ranges from which users can access the Data Management 365 Application. We recommend our client to configure IP Whitelisting for HIPAA compliant solutions in accordance with industry best practices.
Audit trails maintain a record of system activity both by system and application processes and by the user activity of systems and applications. In conjunction with the appropriate tools and procedures, audit trails can assist in detecting security violations, performance problems, and flaws in applications. Using an application audit trail, we always can restore any events in the system. We use an audit trail for all activities (including login/logout, insert, update and delete operations) that always remain for the whole application life cycle as a ready-only source. Any record in the audit trail includes the name of the user and time stamp in international format.
Internal and External Audits
Periodic Vulnerability Testing
Scans Data Management 365 has the third-party annual vulnerability and penetration testing which covers Top Application Security Flaws.
We are proud that our customers’ data is sufficiently protected by this approach and we are open to discuss any practices and approaches further.
In 2015, Data Management 365 received the Russian Federation accreditation that allows us to work in the sphere of information technologies (#5538). This accreditation is a confirmation that Data Management 365 meets the requirements defined in the regulations “On the state accreditation of the organizations carrying out their activities in the information technologies field”, approved by Resolution #758 of the Government of the Russian Federation on November 6, 2007. The Company was entered into the state registry of information technology companies.
Data Management 365 is a member of the Microsoft BizSpark ® program. As a participant in this program, Data Management 365 gains access to software development tools, platform technologies and server products, support and training from Microsoft.