
Overview

Gnosis is a cloud-based data management system that you utilize via the Gnosis Pro administrative software.  Access to a presentation layer via your web portal also enables you to provide data-related services to members, donors, and Guests.  This article provides a summary of the basic protections in place that address the security of your data.

Data Center Digital Security

All data that you store in Gnosis, with the exception of credit card information, which is passed through to Authorize.net, a Visa company, is managed in our secure data center in Chicago, IL. The data center incorporates high standards of commercial security with three layers of data security protection: at the premise level, at the server network level, and at each individual server. Server monitoring using the latest in intrusion, malware, cloud storm, and access management secures our servers and is actively performed 24x7 by on-premise technical support staff and remotely managed from our Campbell, CA, USA and Melbourne, Vic, Australia locations.

Our backbone network infrastructure is based on multiple networks that are backed up by tier-1 providers. Additionally, our systems employ a 2-fails lockout monitor that permanently denies access to any external system attempting access but not successfully completing authentication.

Data Center Physical Security

Our data center is secured with multi-stage physical access control into and through the building and guarded with 24x7 surveillance and constant monitoring. Only authorized staff are allowed access; third-party contractors and visitors require security clearance to enter and are escorted whilst on the premises.

The data center is power failure proof: every server is connected to a conditioned UPS (Uninterruptible Power Supply) that is N+1 redundant and set up for instantaneous failover to ensure continuity. In the unlikely event of system-wide power utility failure, our centers are backed up with independent generator power with the ability to run the entire system without interruption. Infrastructure redundancy also includes power supplies, cooling systems, and alarms.

Our core routing equipment is kept at the latest version available with full redundancy and enterprise-class equipment. We use the latest technology equipped with hardware that is housed in a secured core routing room using only fiber carriers.

Data Backup

Your data is backed up daily using two redundant backup processes employing backup locations both at the data center and at redundant off-site secure locations within the AWS Cloud.  Daily backups are retained for 90 days and monthly snapshots of those backups are retained for up to 3 years.

Data Access

Data may be accessed using the Gnosis Pro application and/or web-based interfaces, protected by username/password access security and SSL transit security employing industry-standard symmetric 256-bit encryption.

In order to ensure secure access to your data, we support the implementation of password security standards using any combination of minimum length, complexity rules, and days to expire.

Access to your system is controlled by username and password (with the password optionally subject to the above security requirements) and optionally by Two Factor Authentication (2FA). Additionally, logged-in sessions may be set to automatically log out after inactivity if desired, and 2FA challenges can be required at every login or after a set number of days since the last login.

There are no other requirements for your users to access data from any location.  As a result, we recommend a solid standard be enforced for user access using the above password complexity rules.

Data Management

We suggest that the most secure location for your data is probably in your Gnosis database. Consequently, it is a good practice to not export large amounts of sensitive data to spreadsheets and reports that are stored on PCs and servers with less secure access standards.

The Gnosis system is set up to support adherence to HIPAA (US) and PHIPA (CA) privacy and security standards.  To implement these standards, you will also need to turn on 2FA security and adhere to the relevant document security standards.

Data Breaches

While the Gnosis system employs a very high level of back-end security, no computer system is fully impervious to a potential breach by a sophisticated hacker.  In the unlikely event that such a breach does occur, our disaster recovery protocols use a rebuild-from-scratch approach with off-site backup data recovery.  Should a breach be detected, our affected client(s) will be notified immediately.  Connect4 does not subscribe to data insurance and no such insurance protection is available from us.  If you wish to download a copy of your database from time to time for your own security purposes, we do provide this service for a small fee and will be happy to set it up for you.

 

Updated June 2023 - New Data Center

 
