Windows 10, 64-bit.
Yes.
FieldWare software is browser agnostic and runs on Internet Explorer 11, Edge, Chrome, Firefox and Safari.
There are no additional computer or mobile device technologies other than the standard browsers or current versions of Android and iOS.
No. Our software is 100% web-based and only requires that users have Internet connectivity.
Our software is licensed by the number of allowed users (not concurrent) for the authorized customer agency(s).
We can either host our solution on-site within the customer’s network infrastructure or we can host it for the customer utilizing the Microsoft Azure Government data center. Azure Government provides the network infrastructure to support application and service connectivity requirements with Network Segmentation, Network Access Control, Azure Firewall and Monitoring and Threat Detection.
Yes, it logs IP addresses and the browser version.
Yes. The solution uses TLS 1.2.
The customer’s IT Department.
Yes. Application security is provided through ongoing BreachLock certification in which FieldWare complies with the required levels of application security and penetration testing in the industry.
The Workforce Management PLUS system supports a configurable and polymorphic multi-factor authentication scheme. FieldWare offers two multi-factor authentications for non-Active Directory access. This provides limits and freezes access for a time period. FieldWare encrypts passwords within the application authentication process. The solution supports hash password management, including hash password management for external systems when FieldWare is responsible for sending user information to external platforms.
End users are authenticated using Multi-Factor Authentication, SMS Passcode, Email Passcode, iOS App/Android, or both, SSO w/ADFS and/or System Only.
Where the solution is Active Directory integrated, FieldWare places the security management within the Active Directory authentication. When a username or password is entered in error, the solution neither allows access nor tells the user which element failed. Therefore, robots do not know what passed and what failed. Regarding IP address monitoring, FieldWare can log IP address attempt restriction counts if the agency desires.
When using Active Directory, the solution does not require the storage or usage of passwords. Rather, FieldWare leverages the Active Directory security to authorize access. PLUS is configurable to have a session timeout set to the length of time of the session, and is configured using the agency's defined settings.
The solution logs the access attempts and successes. This includes IP address recognition. Additionally, it logs the log out date/time of a user.
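The login behavior described in the answers above (no hint about which element failed, per-IP attempt counts, a temporary freeze, and an audit trail with IP address) can be sketched as follows. This is an added example, not FieldWare code; the threshold, freeze duration, class name and message text are assumptions.

```python
import hashlib, hmac, os, time

MAX_ATTEMPTS = 3        # assumed threshold before an IP is frozen
FREEZE_SECONDS = 300    # assumed freeze period
GENERIC_ERROR = "Invalid username or password."

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # ip -> (failure count, frozen-until timestamp)
        self.audit = []      # (timestamp, ip, username, outcome)
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt))

    def login(self, ip, username, password):
        now = self.clock()
        count, frozen_until = self.failures.get(ip, (0, 0.0))
        if now < frozen_until:
            self.audit.append((now, ip, username, "frozen"))
            return False, GENERIC_ERROR
        # Unknown users are hashed against a dummy record so both paths do the same work.
        salt, stored = self.users.get(username, (self._dummy_salt, self._dummy_hash))
        ok = hmac.compare_digest(_hash(password, salt), stored) and username in self.users
        if ok:
            self.failures.pop(ip, None)
            self.audit.append((now, ip, username, "success"))
            return True, "OK"
        count += 1
        frozen_until = now + FREEZE_SECONDS if count >= MAX_ATTEMPTS else 0.0
        self.failures[ip] = (count, frozen_until)
        self.audit.append((now, ip, username, "failure"))
        return False, GENERIC_ERROR
```

The caller sees the same response for a wrong password, an unknown user and a frozen IP; only the audit log distinguishes them.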
Sensitive data such as username, password, date of birth, driver license, and SSN (optional; PLUS does not require this at all) are encrypted. FieldWare is compliant with the requirements of handling these types of data.
Yes. Since our software is hosted within the Azure Microsoft Government infrastructure, it includes SSAE 16, 18; SOC1; SOC2, and FedRAMP certifications. Additional information can be found at https://docs.microsoft.com/en-us/azure/compliance/.
Yes, for U.S. based customers. Data for Canada based customers is stored within Canadian borders.
Yes. We require our employees to complete and maintain CJIS certifications as a standard practice.
Yes.
Yes. System access can be set for whitelisted IP addresses. Blacklisted IP addresses are denied access to the system.
Yes, cookies are used for session management only. The only data collected is a time count for auto logout. They are destroyed at logout or when the system logs the user out.
Yes. Application security is provided through ongoing BreachLock certification in which FieldWare complies with the required levels of application security and penetration testing in the industry.
PLUS is kept current with the TLS levels released and standardized for security purposes. The Azure environment implemented for our customers includes adding the Azure Security Monitoring and Dashboard solution. This option provides notifications for support, engineering, and architecture for any alarming or security notification setting we have established.
For any vulnerability notification, the priority level is managed at a priority 1 or priority 2 level within Support. Orion follows a formal customer rapid response process for these two priority levels. The lead on the issue comprises the Application Architect and the Database Architect. The team consists of the Senior Infrastructure Engineer, Customer Advocate, and Mobile Senior Engineer. The Support Manager is responsible for making sure the event sequence is recorded, steps for resolution are documented, root cause is identified, and resolution options comprising Triage versus Long Term are documented and implemented. Within the support agreement, PLUS includes Service Levels that require customer notification time periods.
Our software houses its data with a recommendation of archiving every 4 years. The data is not deleted, but merely archived into archive tables and is still accessible by the system and reports.
Data that is updated from the front end or through an import process is owned by the customer. All Schemas, Training Videos, Knowledge Center Videos and Reference IDs are owned by FieldWare.
Access is provided through data models designed to support reports created by front end tools within the application. If the customer requires direct database access, an additional reporting server is required, and the customer's authorized IT personnel are provided access. The database is MS SQL.
Yes. We archive customer data and storage is not time dependent for archived information.
No. FieldWare contractually does not have the right to use or resell customer data.
Yes. System access can be set for whitelisted IP addresses. Blacklisted IP addresses are denied access to the system.
We back up customer data nightly using the Microsoft Azure region centers. Data is retained for a rolling 10-day period.
We restore lost or corrupted data from backups that are housed in the Azure Government Cloud infrastructure. Database monitoring tools are run on the server on a regular basis for the sole purpose of managing and mitigating data corruption.
Through the use of Microsoft Azure recovery sites, FieldWare implements VM replication to another geo-location. Because the VM is fully replicated, no interface changes are required for failover. The failover process is simply deactivating the primary site and bringing the secondary site online. Once the primary site is back up, the failover can be set back to the primary site. Azure automates failover recovery for FieldWare's hosted customers.
Azure Service Health Notifications is a service that provides alerting notifications that are defined by a class being informational or actionable. The Health System allows for the creation of rules (classes) of different actions or information coming from the monitoring system.
FieldWare utilizes these rules to provide advanced alerting of information notifications for proactive actions. An actionable alert is an error alert for server- or service-based items that could affect or have affected system performance. Actionable alerts are acted upon when received by the Orion Help Desk and Operational support team to address the infrastructure situation.
FieldWare uses the Recovery Services Vault within Azure services to schedule system backups. The Recovery Vault resides in the geo-location of the primary service, with a secondary geo-location. This service provides a complete backup of the VM to support immediate restoration capabilities. Site Recovery is an automated process that is set up when the VM is built. Data backups are stored in a Recovery Services Vault. These vaults are in the same region as the service area for the VM, with a secondary location stored in another geographical region. The backups are configured for a full backup every day and are archived for 30 days. Log backups are done hourly with a 30-day retention.
The system uses tools to export data to SecureFTP for data file exchanges. The exported data is recorded in the database for reference and reporting purposes. Importing data is also done through file drops using SecureFTP. The imported file is stored on the server and then moved to a processed folder.
There is a consistent naming convention used for all imported files which provides logic to the code file pickup routing. Files can be auto-deleted, i.e., saved only for X number of days. Data is imported into landing tables for collection of raw data. This data is then validated and moved to a staging table, bound back to the raw data table through ID records.
If validation fails, an error log table records the rationale for failure in both string format and code number format for referencing and reporting. Batch data is recorded with counts of records processed, failed, good, and bad. The actual row of the imported file is recorded and represented in the raw data and error logging.
The API solution provides the same type of processing as a data file but allows more standard machine-to-machine communication regarding receipt and processing success or failure. Imports can be scheduled for checking by time of day, day of week, or in a close to real-time process (batch check by minute increment).
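The landing, validation, staging and error-log flow described above can be sketched with an in-memory SQLite database. This is an added example, not FieldWare's schema or code; the table names, column names, error codes and the sample file are all constructed for illustration.

```python
import sqlite3

# Constructed sample import file: header plus four data rows (two are invalid).
SAMPLE_FILE = ("badge,shift_date,hours\n1001,2024-03-01,8\n,2024-03-01,6\n"
               "1002,2024-03-02,abc\n1003,2024-03-02,7.5\n")
# Hypothetical error codes, stored as both number and string as the text describes.
ERRORS = {101: "missing badge or wrong field count", 102: "hours not a number between 0 and 24"}
SCHEMA = """
CREATE TABLE batch(id INTEGER PRIMARY KEY, filename TEXT, processed INT, good INT, bad INT);
CREATE TABLE landing(id INTEGER PRIMARY KEY, batch_id INT, row_no INT, raw_line TEXT);
CREATE TABLE staging(landing_id INT REFERENCES landing(id), badge TEXT, shift_date TEXT, hours REAL);
CREATE TABLE error_log(landing_id INT REFERENCES landing(id), code INT, message TEXT);
"""

def validate(fields):
    """Return None if the row is valid, else an error code from ERRORS."""
    if len(fields) != 3 or not fields[0].strip():
        return 101
    try:
        ok = 0 <= float(fields[2]) <= 24
    except ValueError:
        ok = False
    return None if ok else 102

def import_file(db, filename, text):
    batch_id = db.execute("INSERT INTO batch(filename) VALUES (?)", (filename,)).lastrowid
    good = bad = 0
    for row_no, line in enumerate(text.splitlines()[1:], start=2):  # row 1 is the header
        # Land the raw line untouched, with its row number in the file.
        landing_id = db.execute("INSERT INTO landing(batch_id, row_no, raw_line) VALUES (?,?,?)",
                                (batch_id, row_no, line)).lastrowid
        fields = line.split(",")
        code = validate(fields)
        if code is None:  # valid: promote to staging, bound to the raw row by ID
            db.execute("INSERT INTO staging VALUES (?,?,?,?)",
                       (landing_id, fields[0], fields[1], float(fields[2])))
            good += 1
        else:             # invalid: log code and text against the raw row
            db.execute("INSERT INTO error_log VALUES (?,?,?)", (landing_id, code, ERRORS[code]))
            bad += 1
    db.execute("UPDATE batch SET processed=?, good=?, bad=? WHERE id=?",
               (good + bad, good, bad, batch_id))
    db.commit()
    return batch_id

def run_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    import_file(db, "sample_import.csv", SAMPLE_FILE)
    return db
```

Because every staging and error row carries the landing ID, a rejected record can always be traced back to the exact line and row number of the file that delivered it.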
Upgrades are scheduled through a maintenance window that houses an agreed upon start and end time period with the customer’s IT staff. The front end of the site is updated with a screen informing personnel that the site is down for maintenance and will be back up at the scheduled time.
Yes. Our provided Microsoft Azure Government infrastructure is a High Availability solution using Azure Availability Zones that consist of 3 distinct centers in 3 different zones. These datacenters are physically separated and equipped with independent power, cooling and networking. Availability Zones support mission-critical applications with high availability and low-latency replication.
Yes. System failover is provided through a high availability solution.
If there is a full failure of the High Availability solution, agency personnel are able to use the Azure portal to create a new Virtual Machine and the restore is retrieved from the Azure Backups.
We provide an online support site for the submittal of system issues. We also provide an on-call 800-number in the event of an after-hours emergency.
Our customers are assigned a lead support engineer and have access to this engineer at any time during normal work hours. The after-hours support line is able to contact this engineer in the event of an issue.
Orion also receives messages through email to a specific Customer Email account from the existing system providing any error notifications and import/export statistics.
In addition, we use the Microsoft Azure high-availability data center support program to view system performance, statistics, and platform service recommendations.
Our root cause analysis process determines the location of the issue and the resolution impact. Our support site documents these findings, and our Support Team coordinates all updates with the customer. Resolution is categorized within the Change Control Management process to determine the risk assessment, which is reviewed with the customer. A release of the update is either scheduled or authorized for an immediate patch. If the issue resolution is required to reduce data loss or corruption, the resolution is spearheaded by the data team for an immediate database patch with the effort to reduce any long-term issues.
Updates and patches are coordinated through a release to the customer-provided test site. This includes release notes and ATP testing plans. Upon acceptance (which must occur within an agreed-to timeframe not to exceed 14 days), the system is scheduled for upgrade. Upgrades are typically scheduled for after 5 pm Monday through Wednesday. Weekly change control meetings occur to validate customer upgrade plans, schedules, and personnel.
Our software has 1 upgrade/patch quarterly with 1 major functional upgrade annually. Ad-hoc patches are coordinated directly with the customer representative and can be scheduled through a mutually agreeable time period. Each customer has control of when patches and updates are applied to their instance of the system.