Generations Homecare System Security Statement

Security Statement


TRUSTe Privacy Certification
Introduction
This document presents Integrated Database Systems (IDS) security practices when collecting and processing data within the Generations Homecare System online SAAS product. IDS strives to ensure data is kept securely and this security statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Any future revisions to the security statement will be posted on IDS website.
Risk Management
Both within the development process and in the production environment, evaluating the probability and impact of all changes drives the risk management process to protect against activities that could compromise the privacy and confidentiality of customer data, or disrupt the availability of the SAAS application.
Data Collection and Management
All data collected by IDS on behalf of its customers remains the property of the respective customers and is classified as confidential. Access to customer data is restricted to legitimate business use only.
Operational & Administrative Security
IDS performs background screening on employees, and requires employees to complete a series of courses on privacy and security. Access controls in place for systems and environments are set on a need-to-know / least privilege basis. IDS maintains internal information security policies including incident response plans, information system activity reviews, and violation sanctions.
Application and User Security
Generations uses SSL encryption for web access and TLS encryption is enabled on mail servers utilizing certificates approved through VeriSign. Agency data is isolated at the database level. User authentication is done using three identifiers consisting of an agency ID, email, and password.
Physical Security / Availability
Generations houses servers in an SSAE-16 compliant, SOC 3 audited data center located in the US. Server redundancy is maintained by implementing redundant hardware at the server level and also by implementing backup servers at the primary data center and also at another data center in a physically different location. Customer data is backed up throughout the day to another physical server in the primary data center and to an alternate datacenter. Backups are stored in encrypted format. Continuous uptime monitoring is in place, with immediate escalation to IDS staff for any downtime. Additionally, failover processes and procedures are in place to ensure minimal downtime.
Network Security
All servers are behind Cisco firewall and have up-to-date anti-virus installed. Security patches to operating systems are done when made available and verified to be stable. Access to database information is limited to key personnel.
Handling of Security Breaches
We cannot guarantee absolute security. However, if IDS learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations.
Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any data you download to your own computer away from prying eyes. You need to ensure user accounts are disabled when those users are terminated from your organization.