Security, Privacy and Architecture of Allyn International SaaS Solutions
Allyn International’s Corporate Trust Commitment
Allyn International is committed to achieving and maintaining the trust of our customers. Integral to this mission is providing a robust security and privacy program that carefully considers data protection matters across our suite of solutions, including protection of Customer Data as defined in the Allyn International Master SaaS Subscription Agreement.
This documentation describes the architecture of, the security- and privacy-related audits and certifications received for, and the administrative, technical and physical controls applicable to the Software as a Service solutions of Allyn International: Allyn Logistics Application (ALA), CIMS and CertLocker (together, the “Covered Solutions”).
Architecture and Data Segregation
The Covered Solutions are operated in a multitenant architecture that is designed to segregate and restrict Customer Data access based on business needs. The architecture provides logical data separation between customers via customer-specific “Organization IDs” and supports customer- and user-level role-based access privileges. In addition, each customer's data is stored in its own individual database. For Allyn International Maps, the architecture also provides logical data separation via customer-specific “Tenant IDs.” The specific infrastructure used to host Customer Data is described in the “Sub-processors — Customer Data Storage” section of this document.
Control of Processing
Allyn International has implemented procedures designed to ensure that Customer Data is processed only as instructed by the customer, throughout the entire chain of processing activities by Allyn International and its sub-processors. In particular, Allyn International and its affiliates have entered into written agreements with their sub-processors containing privacy, data protection and data security obligations that provide a level of protection appropriate to their processing activities. Compliance with such obligations, as well as the technical and organizational data security measures implemented by Allyn International and its sub-processors, is subject to regular audits. The “Sub-processors — Customer Data Storage” section of this document describes the sub-processors and certain other entities material to Allyn International’s provision of the Covered Solutions.
Certain features of the Covered Solutions use functionality provided by third parties. These features work by sending standard fields from the customer's Account object to Allyn International's infrastructure, currently hosted on Azure, where this data is matched to content. When customers use Messaging to transmit or receive mobile messages, such as SMS messages, the content of those messages and related information about those messages are received by (a) aggregators — entities that act as intermediaries in transmitting mobile messages or provisioning mobile numbers, and (b) carriers — entities that provide wireless messaging services to subscribers via wireless or wireline telecommunication networks. Such aggregators and carriers access, store, and transmit message content and related information to provide these functions.
● Payment Card Industry (PCI): Because the Covered Solutions are hosted on Microsoft Azure, see Azure's PCI DSS compliance documentation and terms: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=425af30f-1236-41bc-b45c-98a52ee84c28&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_PCI_DSS
● System and Organization Controls (SOC) reports: Because the Covered Solutions are hosted on Microsoft Azure, see Azure's compliance documentation and terms: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuide?command=Download&downloadType=Document&downloadId=425af30f-1236-41bc-b45c-98a52ee84c28&docTab=4ce99610-c9c0-11e7-8c2c-f908a777fa4d_PCI_DSS
These attestations cover the Azure infrastructure on which the Covered Solutions are hosted; they do not by themselves attest to the application-level controls described in the remainder of this document.
The Covered Solutions include a variety of configurable security controls that allow customers to tailor the security of the Covered Solutions for their own use. Information on Multi-Factor Authentication and Single Sign-On for access to the Covered Solutions is set forth in the “Multi-Factor Authentication (MFA) Requirement” section of this document. Certain Covered Solutions and features use Azure to host or process Customer Data, as further described in the “Sub-processors — Customer Data Storage” section of this document; further information about security provided by Azure is available from the Azure Security website, including Azure's overview of security processes. Certain Covered Solutions and features use the Heroku platform to host or process Customer Data, as further described in the same section; further information about security provided by Heroku is available from Heroku’s Security, Privacy, and Architecture Documentation.
Security Policies and Procedures
The Covered Solutions are operated in accordance with the following policies and procedures to enhance security:
- Customer passwords are stored using a one-way salted hash.
- User access log entries will be maintained, containing date, time, user ID, URL executed or entity ID operated on, operation performed (created, updated, deleted) and source IP address. The source IP address might not be available if NAT (Network Address Translation) or PAT (Port Address Translation) is used by the Customer or its ISP.
- If there is suspicion of inappropriate access, Allyn International can provide customers log entry records for use in forensic analysis when available. This service will be provided to customers on a time and materials basis.
- Passwords are not logged.
- Allyn International personnel will not set a defined password for a user. Passwords are reset to a random value (which must be changed on first use) and delivered automatically via email to the requesting user.
Allyn International, or an authorized third party, will monitor the Covered Solutions for unauthorized intrusions using network-based and/or system-based intrusion detection mechanisms. Allyn International may analyze data collected by users' web browsers for security purposes, including to detect compromised browsers, to prevent fraudulent authentications, and to ensure that the Covered Solutions function properly.
Security Logs
All systems used in the provision of the Covered Solutions, including firewalls, routers, network switches and operating systems, log information to their respective system log facility or a centralized syslog server (for network systems) in order to enable security reviews and analysis.
Allyn International maintains security incident management policies and procedures. Allyn International notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by Allyn International or its agents of which Allyn International becomes aware to the extent permitted by law. Allyn International publishes system status information on the Allyn International Trust website. Allyn International typically notifies customers of significant system incidents by email, and for incidents lasting more than one hour, may invite impacted customers to join a conference call about the incident and Allyn International’s response.
Access to the Covered Solutions requires authentication via user ID and password (and MFA, as described in the “Multi-Factor Authentication (MFA) Requirement” section of this document). Following successful authentication, a random session ID is generated and stored in the user's browser to preserve and track session state.
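The password-storage, password-reset and session-ID rules above (one-way salted hash, no personnel-chosen passwords, random reset value that must be changed on first use, random session ID after login) can be implemented as follows. This is an added illustration, not Allyn International's code. It assumes PBKDF2-HMAC-SHA256 with a 16-byte random salt and 600,000 iterations (the page says only "one-way salted hash"), an in-memory user and session store standing in for the database, and a 16-character temporary password; all of those are assumptions.

```python
# Added example (not Allyn International's code): one way to implement the stated
# password-storage, reset and session-ID rules. Assumptions: PBKDF2-HMAC-SHA256
# with a 16-byte random salt and 600k iterations (the page only says "one-way
# salted hash"), an in-memory user/session store, a 16-character reset password.
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # assumption; raise over time as hardware gets faster
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


@dataclass
class UserRecord:
    user_id: str
    password_hash: str
    must_change_password: bool = False


USERS: dict = {}      # user_id -> UserRecord (stand-in for the real database)
SESSIONS: dict = {}   # session_id -> {"user_id": ..., "must_change_password": ...}
# Hash of an unguessable value, so login() costs the same for unknown users.
DUMMY_HASH = hash_password(secrets.token_hex(16))


def create_user(user_id: str, password: str) -> None:
    USERS[user_id] = UserRecord(user_id, hash_password(password))


def reset_password(user_id: str) -> str:
    """Staff never pick a password: a random temporary one is generated, only its
    hash is stored, and the account is flagged so the first login forces a change.
    The plaintext is returned once, for delivery to the user (e-mail, per the page)."""
    alphabet = string.ascii_letters + string.digits
    temporary = "".join(secrets.choice(alphabet) for _ in range(16))
    rec = USERS[user_id]
    rec.password_hash = hash_password(temporary)
    rec.must_change_password = True
    return temporary


def login(user_id: str, password: str) -> Optional[str]:
    """On success mint a random session ID (server-side mapping, nothing derived
    from the user ID) and return it; on failure return None."""
    rec = USERS.get(user_id)
    stored = rec.password_hash if rec else DUMMY_HASH
    ok = verify_password(password, stored)      # always run, even for unknown users
    if rec is None or not ok:
        return None
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user_id": user_id,
                            "must_change_password": rec.must_change_password}
    return session_id


def change_password(session_id: str, new_password: str) -> bool:
    sess = SESSIONS.get(session_id)
    if sess is None:
        return False
    rec = USERS[sess["user_id"]]
    rec.password_hash = hash_password(new_password)
    rec.must_change_password = False
    sess["must_change_password"] = False
    return True


def session_allows(session_id: str, path: str) -> bool:
    """Gate every request: a session whose password must still be changed may only
    reach the change-password page."""
    sess = SESSIONS.get(session_id)
    if sess is None:
        return False
    return not sess["must_change_password"] or path == "/change-password"
```

The stored record carries its own salt and iteration count, so the work factor can be raised later without invalidating existing hashes; the dummy hash keeps the failure path for unknown user IDs as slow as the path for a wrong password, which is what prevents account enumeration by timing.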
Reliability and Backup
All networking components, network accelerators, load balancers, Web servers and application servers are configured in a redundant configuration. All Customer Data submitted to the Covered Solutions is stored on a primary database server with multiple active clusters for higher availability. All Customer Data submitted to the Covered Solutions is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. All Customer Data submitted to the Covered Solutions, up to the last committed transaction, is automatically replicated on a near real-time basis to the secondary site and backed up to localized data stores. Backups are verified for integrity and stored in the same data centers as their instance.
Production data centers are designed to mitigate the risk of single points of failure and provide a resilient environment to support service continuity and performance. The Covered Solutions utilize secondary facilities that are geographically diverse from their primary data centers, along with required hardware, software, and Internet connectivity, in the event Allyn International production facilities at the primary data centers were to be rendered unavailable. Allyn International has disaster recovery plans in place and tests them at least once per year. The scope of the disaster recovery exercise is to validate the ability to failover a production instance from the primary data center to the secondary data center utilizing developed operational and disaster recovery procedures and documentation. The Covered Solutions’ disaster recovery plans currently have the following target recovery objectives: (a) restoration of the Covered Solution (recovery time objective) within 12 hours after Allyn International’s declaration of a disaster; and (b) maximum Customer Data loss (recovery point objective) of 4 hours. However, these targets exclude a disaster or multiple disasters causing the compromise of both data centers at the same time.
The Covered Solutions do not scan for viruses that could be included in attachments or other Customer Data uploaded into the Covered Solutions by a customer. Uploaded attachments, however, are not executed within the Covered Solutions and therefore will not damage or compromise the Covered Solutions by virtue of containing a virus; customers that require malware scanning of such files must perform it on their own systems before upload or after download.
The Covered Solutions use industry-accepted encryption products to protect Customer Data and communications during transmission between a customer's network and the Covered Solutions, including through Transport Layer Security (TLS) leveraging at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys. Additionally, all data, including Customer Data, is transmitted between data centers for replication purposes across encrypted links utilizing AES-256 encryption.
Return of Customer Data
Within 30 days post contract termination, customers may request return of their respective Customer Data submitted to the Covered Solutions (to the extent such data has not been deleted by Customer, or if Customer has not already removed the managed package in which the Customer Data was stored). Allyn International shall provide such Customer Data via downloadable files in comma separated value (.csv) format and attachments in their native format. The foregoing return of Customer Data for managed packages may not be available if the packages were removed prior to contract termination, as removing the package may begin the deletion process for associated Customer Data.
Deletion of Customer Data
Except as otherwise stated below, after termination of all subscriptions associated with an environment, Customer Data submitted to the Covered Solutions is retained in inactive status within the Covered Solutions for 120 days, after which it is securely overwritten or deleted from production within 90 days, and from backups within 180 days. Physical media on which Customer Data is stored during the contract term is not removed from the data centers that Allyn International uses to host Customer Data unless the media is at the end of its useful life or being deprovisioned, in which case the media is first sanitized before removal. This process is subject to applicable legal requirements. Without limiting the ability for customers to request return of their Customer Data submitted to the Covered Solutions, Allyn International reserves the right to reduce the number of days it retains such data after contract termination. Allyn International will update this Allyn International Security, Privacy and Architecture Documentation in the event of such a change.
For Allyn International Maps, all Customer Data submitted to Azure (with the exception of CSV files uploaded by Customer via the Allyn International Maps Custom Data Source Portal (“Custom Data Sources”)) is retained in Azure for 90 days, after which it is securely overwritten or deleted. Custom Data Sources submitted to Azure are converted into data layer files, and the original CSV files are deleted after 90 days. Any Custom Data Sources returned pursuant to the “Return of Customer Data” section will be in the form of a converted data layer file, not the original CSV file. All Customer Data submitted to Heroku is retained in Heroku for the duration of the applicable subscription term and is securely overwritten or deleted 30 days after termination of the applicable subscription term. The foregoing deletion of Customer Data for managed packages may not be available if the packages were removed prior to contract termination.
Sensitive Data
Important: Customers must use either “Platform Encryption” for supported field types and file attachments or the “Classic Encryption” custom fields feature, and manage the lifecycle of their encryption keys, when submitting payment cardholder data and authentication data, credit or debit card numbers, or any security codes or passwords to the Covered Solutions. Customers may not otherwise submit such data to the Covered Solutions. For other categories of sensitive data, customers should also consider using “Platform Encryption” or “Classic Encryption.” Additionally, for the Covered Solutions, the following types of sensitive personal data may not be submitted: personal health information, where Customer is a health care provider, health care clearinghouse, health plan, or an entity performing functions on behalf of such entities, except in limited circumstances where, subject to restrictions, Allyn International has expressly permitted such submission contractually.
Furthermore, any Customer using Public Cloud Infrastructure may not submit to the Covered Solutions Protected Health Information, as defined under the U.S. Health Insurance Portability and Accountability Act. If Customer does submit personal health information or other sensitive or regulated data to the Covered Solutions, then Customer is responsible for ensuring that its use of the Covered Solutions to process that information complies with all applicable laws and regulations. For Intelligent Form Reader, if a Customer chooses to use any part of this Covered Solution in connection with a decision-making process with legal or similarly significant effects, Customer shall ensure that the final decision is made by a human being. For clarity, the foregoing restrictions do not apply to financial information provided to Allyn International for the purposes of checking the financial qualifications of, and collecting payments from, its customers, the processing of which is governed by Allyn International’s Website Privacy Statement.
Analytics
Allyn International may track and analyze the usage of the Covered Solutions for purposes of security and of helping Allyn International improve both the Covered Solutions and the user experience in using the Covered Solutions. For example, we may use this information to understand and analyze trends or track which of our features are used most often to improve product functionality. Allyn International may share anonymous usage data with Allyn International’s service providers for the purpose of helping Allyn International in such tracking, analysis and improvements. Additionally, Allyn International may share such anonymous usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
Interoperation with Other Services
The Covered Solutions may interoperate or integrate with other services provided by Allyn International or third parties. When third-party systems connect to the Covered Solutions, these external systems supply metadata to the Covered Solutions for the purpose of maintaining the intended functionality of the integration; for example, an external system may supply a third-party record ID, file name, folder name, or similar label intended to identify a record that is being sent to the Covered Solutions. Allyn International may collect and store such metadata to ensure product functionality, to assist in debugging and support, and for security purposes. Allyn International provides appropriate protections for such metadata and treats it consistently with our Privacy Statement. Security, Privacy and Architecture documentation for services provided by Allyn International is available in the Trust and Compliance Documentation. Allyn International also provides a variety of platforms and features that allow Allyn International users to learn about Allyn International products, participate in communities, connect third-party applications, and participate in pilots, testing and assessments, which are outside the scope of this documentation. Allyn International may communicate with users that participate in such platforms and features in a manner consistent with our Privacy Statement. Allyn International offers customers and users the ability to deactivate or opt out of receiving such messages.
Multi-Factor Authentication (MFA) Requirement for Using the Covered Solution
Starting February 1, 2022, Allyn International will begin requiring customers to enable Multi-Factor Authentication (MFA) for all Covered Solutions. Customer must satisfy the MFA requirement by either: (1) enabling Multi-Factor Authentication for all users who log in to Customer’s Covered Solution through the user interface, or (2) ensuring MFA is enabled for all users who use Single Sign-On (SSO) to access Customer’s Covered Solution, by using the SSO provider’s MFA services or, where supported, by turning MFA on in Allyn International products. Further information on MFA, including acceptable verification methods for MFA, can be found here.
Restricted Uses of Information
The Covered Solution may be used to send Messages only to those recipients who have given customers permission to send them such Messages in accordance with any legal requirements for obtaining such permission, or, for email messages governed by the U.S. CAN-SPAM Act, where the Message can be characterized as a “transactional or relationship message” as contemplated by the U.S. CAN-SPAM Act. Customers shall also be solely responsible for complying with the U.S. CAN-SPAM Act.
If a carrier, aggregator, industry group, government group, or other organization creates a list of email addresses, telephone numbers or other addresses whose status has changed – such as email addresses added to a “do not contact” list or telephone numbers that have been assigned to a new user – Allyn International reserves the right to block Messages from being sent to those recipients. However, the responsibility for ensuring compliance with such lists rests solely with our customer, and Allyn International shall not be liable for any failure to block Messages to such addresses or phone numbers or for inadvertently opting out a user who should be opted in.
IT Service Center — IT Agent
The IT Service Center — IT Agent managed package integrates with third-party services provided by Tanium, Inc. (“Tanium Endpoint Management services”), which are Non-Allyn Applications. The Tanium Endpoint Management services include a Tanium managed package and the following Tanium-as-a-Service (TaaS) services: Tanium Core, Tanium Deploy, Tanium Discover, and Tanium Performance. Customer’s use of the Tanium managed package and TaaS services is subject to the following terms of service: http://tanium.com/taas-subscription-agreement/, or other applicable terms as Customer has separately agreed to with Tanium.
Sub-processors — Customer Data Storage
The Covered Solutions are hosted in enterprise-class data centers and are divided into a modular architecture based on “instances.” Except in the scenarios described below, Allyn International owns or controls access to the infrastructure that Allyn International uses to store Customer Data. In general, Customer Data is stored in data centers in the region from which a customer subscribes to the Covered Solution as outlined in the table below; however, Customers can request at the time of sign-up to be hosted in a different region. Each instance of the Covered Solution contains many servers and other elements to make it run. Copies of each instance are located in two data centers, unless otherwise indicated below; one data center serves as the primary location from which data is served, and the second data center serves as a back-up. The primary location will switch between the two data centers periodically. Allyn International uses vendor-supplied technologies to optimize the accuracy and integrity of replication between primary and secondary systems and to continuously monitor the data replication process.
Allyn International may store in all data centers identifying information about a Customer’s instance(s) of the Covered Solutions and Personal Data about Users for the purposes of operating the Covered Solutions, such as facilitating the login process and the provision of Customer support. Such Personal Data shall only include, as provided by the Customer in its provision of User accounts: first and last name, email address, username, phone number, and physical business address.