Security and Compliance

Make auditors happy by meeting and surpassing security regulations.

Multi-tenanted architecture segregates data

Service Support Manager on Demand is a multi-tenanted environment where each customer implementation resides in its own isolated namespace, ensuring complete data security. All business data is stored in separate tables specific to the namespace and is isolated from other customers' data.

Identity and access management

Service Support Manager on Demand features strong identity and access management with multiple levels of access control, network security through 128-bit SSL, firewall protection for all servers with databases protected with an additional firewall, as well as intrusion detection and prevention systems.

Network security

The hosted deployment is firewalled, accessible only through specific SSL-enabled ports and certain external virtual IP addresses. All communication between components within the firewall happens via internal virtual IP addresses.

Single sign-on (SSO)

With SSO, the login process automatically captures the user’s namespace and other credentials, and all further access to the system is governed by this information. Micro Focus also offers a hybrid authentication model, enabling customers to integrate Service Support Manager on Demand with their existing on premises authentication provider such as LDAP.

Physical security

The hosted infrastructure is SAS70 Type II certified. All physical access to the machines is restricted through physical isolation. Network access is restricted through firewalls and by authentication mechanisms. Users can only access web pages and the web services API through secure HTTPS ports.

Data backup and disaster recovery

Service Support Manager on Demand provides enterprise-level data protection and backups to facilitate quick recovery in case of a disaster. Backups range from full weekly backups to daily incremental backups as well as transaction logs that are captured every four hours. The hosting provider has been certified by PCI Security Council DSS 1.2 for data protection.

Hosting partner security credentials

Compliance requirements are always on the rise and are a source of constant concern in every area of business. Micro Focus hosting partners hold the following credentials that aid transparency and security:

  • SAS70 Type II Audited
  • PCI Compliant Level 1 Service Provider
  • Safe Harbor Certified
  • ISO 27001 Certified
  • FISMA and DIACAP Compliant Federal Cloud
  • ITIL v3 based best practices
  • Top Secret Facility Clearance: (as assigned by DSS) – NCR and NAPMIA
  • SANS GIAC Certified Staff: 100% of Security Operations Center staff hold this certification
  • Compliant with NIST 800-86, 800-61 and US-CERT Concept of Operations for Federal Cyber Security Incident handling
  • Implemented Director of the Central Intelligence Directive (DCID) 6/9 Environments: Sensitive Compartmented Information Facilities (SCIF)