Security Features

Our Security Policy

  • All StoneWater staff members have undertaken criminal background checks in Canada
  • 3rd Party ‘ethical hacking’ services are used to verify vulnerabilities (ie script injections, SQL injections, and so on)
  • There are no standing privileges to the production databases and access is denied by default. An administration account exists for your company and is enabled/disabled by you when support is requested and we log it to your application for support. Like your staff, our activity is logged for you to see
  • Access is provided in two scenarios:
    • at the point we are performing maintenance/upgrades. A notification will be sent to all clients informing them of the nature and timing of the maintenance
    • at your request for support purposes
  • In any instance, the StoneWater member along with the date, time, and description of the access is recorded and sent to you to establish a full chronology of access requests

Microsoft Azure Security Layer

  • 24 hour monitored physical security
  • Monitoring and logging through MS centralized monitoring
  • Antivirus/Antimalware protection
  • Intrusion detection and DDoS (Denial of Service Attacks)
  • Zero standing privileges whereby data by Microsoft operations and support personnel is denied by default
  • Isolation to apply network isolation to prevent unwanted communications between deployments
  • Encrypted communications and built-in SSL and TLS cryptography enables encrypted communications
  • Identity and access allows StoneWater support staff to access the application through multi-Factor authentication and access monitoring

Click here to see Microsoft's full security features that are inherited by StoneWater...

Not ready for cloud services? Contact us for special pricing for an installation on your corporate infrastructure

StoneWater Security Layer

StoneWater employs 258b SSL encryption as well as data-level security within the Azure infrastructure to further protect your information. StoneWaterCM is a "SaaS" application (Software-as-a-Service)

Data Encryption

  • Data is encrypted in the database at the field level for PI (Personal Identifiers). Decryption takes place after a record is read from the database and before it is rendered on screen
  • The application uses 2048b encryption via Secure Sockets Layer (SSL)
  • All SQL Database connections are encrypted. All communication between SQL databases and client applications/tools require SSL as enforced by Microsoft Azure

Record Level Security

  • Without exception, each database record request is validated against our security infrastructure to ensure only those who should have access to a record are able to see a record
  • Each request validates the user and access permissions in the system and this validation ranges from simple lookup values to full case records
  • Your administrator will be in full control of who sees what

User Access Controls

  • At the core of security is your ability to control access to functionality at a user or group level
  • Roles can be created to group users within the same privilege. For example, you may have users who have full access to all aspects of the system while others are limited to the creation of cases
  • Unlimited groups can be created and unlimited combinations of users to groups can be assigned
  • Each functional aspect of the system allows for standard, read, update, delete, and view privileges - which again, you are in full control of
  • An option you have is to enable 1FA or 2FA (Factor Authentication) at a user level. 2FA is employed through a combination of User ID/password and passcode/email verification. 2FA balances allowing your members to access the application anywhere, any time, on any device vs ensuring sensitive corporate information is restricted from the public domain
  • 100% of user read, write, update, and view activity is logged for audit purposes and is easily referenced through the application. Activity logging includes geocoding to determine where an activity took place geographically