Overview
Gnosis is a cloud-based data management system that you use via the Gnosis Pro administrative software. Access to a presentation layer via your web portal also enables you to provide data-related services to members, donors, and guests. This article summarizes the basic protections in place that address the security of your data.
Data Center Security
All data that you store in Gnosis - with the exception of credit card information, which is passed through to Authorize.net, a Visa company - is kept in our secure data center in St. Louis, MO. The data center is certified as HIPAA compliant with the highest standards of commercial security. Backend access to system configuration requires multi-factor authentication (MFA) and is protected behind a double firewall - one at the network-entry level and one at the individual server level.
Additionally, our systems employ a two-failure lockout monitor that permanently denies access to any external system that attempts access without successfully completing authentication.
Internally, only two staff members can administer server consoles, and those consoles can be reached only through a secure VPN that requires a secure key certificate. A log of all access is maintained.
Data Backup
Your data is backed up daily using two redundant backup processes employing backup locations both at the data center and at redundant off-site secure locations within the AWS Cloud. Daily backups are retained for 90 days and monthly snapshots of those backups are retained for up to 3 years.
Data Access
Data may be accessed using the Gnosis Pro application and/or web-based interfaces, both protected by username/password access control and by SSL transport encryption using industry-standard 256-bit symmetric encryption.
To ensure secure access to your data, we support enforcing password security standards using any combination of minimum length, complexity rules, and days until expiry.
Access to your system is controlled by username and password (with the password optionally subject to the above security requirements) and, optionally, two-factor authentication (2FA). Additionally, logged-in sessions may be set to log out automatically after a period of inactivity, and 2FA challenges can be required at every login or after a configured number of days since the last login.
There are no other restrictions on where your users may access data from. We therefore recommend enforcing a strong standard for user access using the above password complexity rules.
Data Management
We suggest that the most secure location for your data is probably your Gnosis database. Consequently, it is good practice not to export large amounts of sensitive data to spreadsheets and reports stored on PCs and servers with less secure access standards.
Data Breaches
While the Gnosis system employs a very high level of back-end security, no computer system is fully impervious to a potential breach by a sophisticated hacker. In the unlikely event that such a breach does occur, our disaster recovery protocols use a rebuild-from-scratch approach with recovery from off-site backup data. Should a breach be detected, our affected client(s) will be notified immediately. Connect4 does not subscribe to data insurance, and no such insurance protection is available from us. If you wish to download a copy of your database from time to time for your own security purposes, we provide this service for a small fee and will be happy to set it up for you.