At tuOtempO we know that our customers rely on us as an important part of their business processes.
We take our responsibilities to our customers seriously, and the security and reliability of the software, systems and data that make up the tuOtempO application are our top priority.
All information travelling between your browser and tuOtempO is protected from eavesdroppers with 256-bit SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating tuOtempO and that your data is secure in transit.
The tuOtempO application – including your data – rests securely behind multiple layers of external firewalls.
tuOtempO’s servers are scanned for vulnerabilities regularly by our security team. These scans test our servers both from the Internet and from inside our network, and any newly-identified problems are addressed as quickly as possible.
Session Monitoring and Application Logs
Individual user sessions are uniquely identified and re-verified with each transaction. Application logs record the creator, last update, timestamps, and originating IP address for every record and transaction completed.
All of the traffic entering and leaving tuOtempO’s network is monitored by an Intrusion Detection System (IDS) and any unusual behaviour is analyzed by our system administration team.
Particularly sensitive information – patient identity, passwords – are encrypted in our database using AES. Customers passwords are not accessible by tuOtempO personnel.
Hardware and software configurations are designed to provide secure logical separations of customer data that permit each customer to view only its related information. Multitenant security controls include unique, non-predictable session tokens, configurable session timeout values, password policies, sharing rules, and user profiles. The tuOtempO service supports delegated authentication.
Customer-Controlled Privacy and Security Settings
Customers may determine which of their respective designees can access different categories of data. Customers may set customizable password rules. Customers may create custom fields that are encrypted in storage for sensitive information types.
The tuOtempO servers are located in Amazon datacenters, which provide biometric access controls, constant surveillance, redundant power feeds and generators, robust fire suppression, and carefully monitored climate control to protect the servers that store your data.
All customer data is stored in secure data centers and is replicated over secure links to a disaster recovery data center. This design provides the ability to rapidly restore the tuOtempO service in the case of a catastrophic loss.
Redundancy and Scalability
The tuOtempO service is highly scalable and redundant, allowing for fluctuation in demand and expansion of users while greatly reducing the threat of long-term outages. Load-balanced networks, pools of application servers, and clustered databases are features of our design.
tuOtempO has chosen Amazon Web Services for our hosting needs together with Scalr cloud management software. With clients like IBM, Ericsson. Unicredit, Samsung, Accenture we know Amazon Web Services & Scalr provide the hardware, service and expertise you expect.
tuOtempO has privacy and security-conscious policies that apply to all of our information handling practices.
Contractual Privacy Protection for Customers
tuOtempO’s contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer data, except under certain narrowly defined circumstances, such as when required by law. tuOtempO agrees not to use, modify, or disclose to anyone other than a customer’s designees any of its respective customer data. tuOtempo agrees not to access customer’s accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.
Code of Conduct, Confidentiality Agreements, and Information Security Policies
Every tuOtempO employee and contractor must follow tuOtempO code of conduct, sign confidentiality agreements, and follow tuOtempO information security policies.
For information collected on tuOtempO’s Web site, tuOtempO provides assurances around the types of information collected, how that information may be used, and how that information may be shared. tuOtempO offers individuals the opportunity to manage their receipt of non-transactional communications. tuOtempO offers individuals the opportunity to update or change the information they provide.
tuOtempO’s comprehensive privacy and security program includes communicating with personnel and customers about current issues and best practices.
Internal Training and Communications for tuOtempO Personnel
tuOtempO regularly communicates with our personnel about our obligation to safeguard confidential information, including customer data and personal information. tuOtempO provides classroom training around confidentiality, privacy, and information security for all new employees during its monthly new hire orientation. All tuOtempO personnel are required to complete an annual privacy and security training and are tested on the materials presented.
Customer End User Awareness
tuOtempO strongly encourages all of our customers and users to adopt industry-standard solutions to secure and protect their authentication credentials, networks, servers, and computers from security attacks. We email end users about specific security issues when warranted.
tuOtempO has teams and individuals responsible for security and security-related matters. The CTO is responsible for tuOtempO’s security program and personnel, including information, product, and corporate security, enterprise risk management, and technology audit & compliance. The CTO is responsible for tuOtempO’s privacy program, including compliance with applicable privacy and data-protection laws. Additionally, all tuOtempO personnel are required to follow tuOtempO’s confidentiality, privacy, and information security policies.