Frequently Asked Questions and Answers on AGS Security Processes |
The OCMS Portal platform is developed with the highest level of security protocols to be used for a wide range of organizations and clients including federal governments, state and local governments, large commercial enterprises, consulting firms and their clients, small & mid-sized businesses, non-profit organizations, agencies, educational institutions, healthcare & medical institutions, insurance companies, financial services firms, and more.
We apply a variety of security methods to ensure that the data you enter into our platform is safe, secure, meets regulatory compliance, and is available only to registered users that you add to your account. This page covers information about AGS data protection and security measures. OCM Solution is owned by Airiodion Group LLC (AGS).
Table of Contents
- AGS Policies and Procedures
- International Regulatory Compliance Standards
- AGS Application Security
- AGS Non-Disclosure Agreement (NDA)
- AGS Application Architecture
- AGS Security (Encryption)
- AGS’ Legal Obligations to Our Customers
- AGS Data Backups
- AGS Data Retention Policy
- Customer Data Privacy and Security
- Unique Credentials Protocols
- Secured Environment and Firewall
- Data Collection and Transmission Protocols
- Does AGS Integrate with Other Systems Like SAP or Oracle?
- AGS Legal
- AGS Privacy Policy
- AGS PCI Compliance
- AGS’ Commitment to the GDPR
- AGS Terms of Use
AGS Application Architecture
The AGS Architecture page provides a description of the structure, interaction and mapping of how AGS’ software applications are assembled as part of its overarching enterprise architecture and how those applications interact with each other to meet customers’ business and user requirements.
Does AGS Integrate with Other Systems Like SAP or Oracle?
AGS is in the process of developing APIs that can be integrated to other applications, including SAP, Oracle Cloud, Microsoft, and more.
For now, customers can use our Cloud-based solution as it is now. When the APIs is ready, we will work with your IT department to insert your SAP, Oracle, or software data with our Cloud application, and ensure automatic, secured, and safe fetching of your data onto our solution.
AGS Policies and Procedures
Our operational policies ensure that we provide all our AGS team members with the necessary practices to build upon the strong foundations of their security onboarding. We utilize these policies daily and review them regularly.
AGS has implemented the following internal policies:
- Information Security Policy
- Access Control Policy
- Backup Policy
- Change Management
- Data Classification Policy
- Data Protection Impact Assessment (DPIA) Policy
- Data Protection Policy
- Data Retention Policy
- Disaster Recovery
- Security Risk Management & Governance
- Third-Party Risk Assessment Process
AGS Application Security
Security is at the forefront of AGS’ development mindset. We’ve built both internal and external security checkpoints into the AGS application development pipeline.
Our Engineering team embraces the culture of peer-review, ensuring that our coding guidelines are followed and maintained. We validate our deployments with regular ongoing security assessments, conducted with industry-leading external vendors.
We strive to have a long-term architectural vision for our application security that is continuously evolving. As we build new features for our product, we identify reasonable opportunities to further this vision in iterations, while maintaining a conscious security mindset.
AGS Data Backups
At AGS we use Database replication to keep your data safe in the case of system failure. Full database backups are taken every day, stored on safe locations, and kept for seven days as an electronic copy. In case two or more database nodes would fail concurrently we would have to revert to a backup.
Data backup does not apply to visitor visitations to our sites. We only back up consumer data (templates & dashboards).
AGS Data Retention Policy
Upon cancelling your account, AGS will maintain the account data for 60 days after which the account data will be deleted. Where applicable or required by law we will keep the records longer.
For Group Accounts, we will save your project data for 60 days after you have closed out a project. During this 60-day timeframe you can always reactivate the project, and continue working on it.
Customer Data Privacy and Security
AGS utilizes some of the most advanced technology for Internet security available today.
When you access our site using a supported web browser, Secure Socket Layer (SSL) technology protects your information using both server authentication and data encryption. When you log in and access any page on your account, you will see a small lock icon at the top left section – to the left of the page’s URL – indicating that a secure connection has been established to our server.
Unique Credentials Protocols
AGS provides each user in your organization with a unique username and password that must be entered each time a user logs in. AGS issues a session “cookie” only to record encrypted authentication information for the duration of a specific session.
The session “cookie” does not include either the username or password of the user.
AGS does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
Secured Environment and Firewall
In addition, AGS is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Customer Data is stored on a primary database server with multiple active clusters for higher availability.
Customer Data is stored on highly redundant carrier-class disk storage and multiple data paths to ensure reliability and performance. Backups are verified for integrity and stored in the same data centers as their instance.
International Standards
AGS takes the safety of its clients’ data very seriously.
We comply with a number of international standards, including PCI DSS, FISMA, ISO/IEC 27001:2005, SAS 70 Type II, SysTrust, and Eu-US and Swiss-US Safe Harbor.
Data Collection and Transmission Protocols
Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
AGS transmits data from the visitor’s browser to our system using HTTPS.
AGS Security (Encryption)
Data in transit is encrypted using the following protocols and ciphers:
- SSL Protocols
- SSL Ciphers
- Cross-functional data touchpoint protocols
AGS’ Legal Obligations to Our Customers
AGS is committed to keeping your data private and secure. To this end, we have expressly stated how we will handle your private data.
For a greater understanding of the legal obligations AGS adheres to regarding data privacy, please refer to our Legal Statements, Privacy Statement, as well as our Terms of Use agreement:
- AGS Legal
- AGS Privacy Policy
- AGS Non-Disclosure Agreement (NDA)
- AGS PCI Compliance
- AGS’ Commitment to the GDPR
- AGS Terms of Use
As outlined in the Privacy Statement, AGS does not review, share, distribute, print, or reference your data except as provided in the AGS Terms of Use, or as may be required by law.
For exact information, please refer to the Privacy Statement, as well as the Terms of Use agreement. These items can be viewed by clicking the relevant links above.
Email us if you have any questions: Contact AGS.