SOVRA Security and Data Protection
SOVRA is delivered through a web browser over the internet, so the software can be accessed from anywhere with an internet connection. The solution is compatible with the latest versions of the following web browsers:
- Microsoft Edge
- Mozilla Firefox
- Google Chrome
- Safari
Our solution is hosted by Amazon Web Services (AWS), leveraging their state-of-the-art infrastructure to ensure high availability and reliability. The data centers are strategically located in the us-west-2 region, spread across availability zones a, b, and c, or in the us-east-2 region, also distributed across availability zones a, b, and c. This geographic diversity enhances redundancy, fault tolerance, and disaster recovery capabilities, providing our customers with a resilient and robust hosting environment.
Amazon Web Services (AWS) employs a wide range of network security measures to ensure the protection of their solution offerings and customer data.
Here are some key ways AWS provides network security:
- Virtual Private Cloud (VPC): AWS offers VPC, which allows users to create isolated network environments within the AWS cloud. This enables users to define their network topology, configure routing tables, control inbound and outbound traffic using security groups and network access control lists (ACLs), and even establish VPN connections for secure communication between on-premises environments and the AWS cloud.
- Security Groups and Network ACLs: AWS users can configure security groups (firewall rules) and network ACLs to control inbound and outbound traffic at the instance and subnet levels. Security groups are stateful and are associated with instances, while network ACLs are stateless and work at the subnet level.
- Encryption: AWS provides encryption mechanisms for data in transit and at rest. For data in transit, Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocols are used to encrypt communication between services. For data at rest, services like Amazon S3 and Amazon RDS offer encryption options.
- Identity and Access Management (IAM): IAM enables fine-grained control over who can access AWS resources and what actions they can perform. Users and roles are assigned specific permissions, reducing the risk of unauthorized access.
- DDoS Protection: AWS offers DDoS (Distributed Denial of Service) protection services, such as AWS Shield, which helps safeguard applications from large-scale attacks. AWS Shield Standard is automatically enabled on all AWS resources at no extra cost.
- Web Application Firewall (WAF): AWS WAF allows users to set up rules to filter and monitor HTTP and HTTPS requests to their resources, helping to prevent common web application attacks.
- Inspector and GuardDuty: AWS Inspector helps users assess the security and compliance of their applications. AWS GuardDuty analyzes VPC flow logs to detect unexpected and potentially malicious activity.
- Multi-Factor Authentication (MFA): AWS encourages the use of MFA to add an extra layer of security to user accounts and control access to the AWS Management Console.
- Compliance: AWS complies with various industry standards and regulations. Customers can use AWS Artifact to access AWS compliance reports and attestations.
SOVRA’s cloud SaaS solution is fully SOC 2 Type II compliant, demonstrating our commitment to maintaining the highest standards of security and data protection. This compliance is ensured through rigorous annual audits, which thoroughly assess our controls and processes to confirm they meet or exceed industry standards.
Data Protection
Data segregation is achieved through meticulously designed access controls that guarantee data privacy and security for each client. This approach involves utilizing unique tenant IDs to clearly distinguish each client’s data, alongside implementing strict query filtering mechanisms to prevent any potential data leakage. These measures ensure that each client’s information remains isolated and secure, maintaining the highest standards of data protection and integrity.
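The tenant-ID scoping and query filtering described above can be illustrated with the following added example, which is not SOVRA's code: the documents table, the TenantScopedStore class and the sample rows are hypothetical and constructed for illustration. The tenant ID is fixed when the store is created and is part of every WHERE clause, so a request that names another tenant's record ID finds nothing.

```python
import sqlite3


class TenantScopedStore:
    """Data-access wrapper that binds every query to one tenant (hypothetical schema)."""

    def __init__(self, conn, tenant_id):
        self._conn = conn
        # Assumption: tenant_id comes from the authenticated session, never from request input.
        self._tenant_id = tenant_id

    def list_documents(self):
        rows = self._conn.execute(
            "SELECT id, title FROM documents WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,),
        )
        return rows.fetchall()

    def get_document(self, doc_id):
        # Filter on tenant_id AND id: knowing another tenant's record id is not enough.
        return self._conn.execute(
            "SELECT id, title FROM documents WHERE tenant_id = ? AND id = ?",
            (self._tenant_id, doc_id),
        ).fetchone()

    def rename_document(self, doc_id, title):
        cur = self._conn.execute(
            "UPDATE documents SET title = ? WHERE tenant_id = ? AND id = ?",
            (title, self._tenant_id, doc_id),
        )
        return cur.rowcount  # 0 means the record does not exist for this tenant


def demo_db():
    """Constructed sample data: two tenants sharing one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO documents (id, tenant_id, title) VALUES (?, ?, ?)",
        [(1, "tenant-a", "A bid"), (2, "tenant-b", "B contract"), (3, "tenant-a", "A award")],
    )
    return conn
```

Because the filter lives in the data-access layer rather than in each caller, a forgotten check in application code cannot widen the result set.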
All data is encrypted both in transit and at rest, ensuring comprehensive protection against unauthorized access. To safeguard data in transit and at rest, we employ cryptographic hash functions and symmetric and asymmetric key algorithms that meet NIST SP 800-131A requirements. Furthermore, our TLS configuration uses the TLS 1.2 and 1.3 protocols, along with the preferred cipher suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, to provide robust security and encryption.
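A client can confirm the stated transport settings from its own side. The following added example is not SOVRA's code: it builds a Python ssl context that allows only TLS 1.2 and 1.3 and, for TLS 1.2, offers only the suite named above. The function names are hypothetical, and the host passed to probe() is supplied by the caller.

```python
import socket
import ssl

# OpenSSL's name for the IANA suite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
PREFERRED_OPENSSL = "ECDHE-RSA-AES256-GCM-SHA384"


def build_client_context():
    """Client context limited to TLS 1.2/1.3 and the stated TLS 1.2 suite."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    # set_ciphers() limits TLS 1.2 and older suites only; OpenSSL keeps its
    # own TLS 1.3 suite list, which this call does not change.
    ctx.set_ciphers(PREFERRED_OPENSSL)
    return ctx


def offered_tls12_suites(ctx):
    """Names of the non-TLS-1.3 suites this context will offer."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def meets_stated_policy(version, cipher):
    """True when a negotiated (version, cipher) pair matches the stated settings."""
    if version == "TLSv1.3":
        return True
    return version == "TLSv1.2" and cipher == PREFERRED_OPENSSL


def probe(host, port=443, timeout=5.0):
    """Handshake with a caller-supplied host; returns (version, cipher, ok)."""
    ctx = build_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cipher = tls.version(), tls.cipher()[0]
    return version, cipher, meets_stated_policy(version, cipher)
```

A handshake failure from probe() means the server accepted neither TLS 1.3 nor the named TLS 1.2 suite, and a certificate error is raised before any version check.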
SOVRA performs automatic daily data backups for all in-scope applications according to the backup procedures. If the automatic procedure fails, an email is sent to the team responsible for that backup for immediate remediation. In the case of a disaster, an escalation process is in place and recovery objectives are documented in a formal disaster recovery plan, which includes the applications to recover, restoration order and timeframes, recovery sites, storage site and frequency of backups.