You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > General Quest Information > Security Overview
Security Overview
print icon

Quest application and user access

  • Web application, users only need modern browser
  • Users only access is via the web browser
  • Can limit access by IP address to limit access from known locations
  • Can limit access by time frame to limit access during "business hours"
  • All work is performed by our server
  • Users must provide Jurisdiction, User id and password
  • Passwords
    • can be changed as often as desired.
    • can configure to require changed every x days
    • length and special character validations can be set and enforced as well
    • Can configure automatic user access removal for not signing on in x number of days
  • Users are assigned a security access level/group
  • Security is very granular.
    • Add, Update, Delete, Display
    • DOB, SSN separate authorities
    • Document level authority
    • Supports redaction for Quest documents.
  • Data encrypted in transmission
    • Gawquest.com certificate issued through DigiCert High Assurance
    • HTTPS
    • RSA 2048 bit TLS 1.2 encryption over HTTPS.
    • We redirect HTTP to HTTPS
    • only ports open to the server are 80 (HTTP) and 443 (HTTPS)
  • CJIS audit
    • FIPS compliant
    • Audit logs
      • Sign on/off
      • Authority changes
      • Password changes
      • Views of system log
      • Bad logons
    • User access log

 

  • IBM iSeries
    • Secure platform - doesn't lend itself to viruses
    • RAID-5 protected
    • Dual power supply's
    • Full system backups are performed weekly
    • Backups are stored offsite in a locked safe
    • All database changes are written to a journal and the journals are copied offsite nightly
    • Quest is down every Monday morning from 3AM - 5AM CST for a full backup of the system
    • Have agreement to use server in another location (at a 911 facility) for co-hosting in extreme circumstance.

 

  • Expedient data center
    • 24 hour secured facility. Requires escort to the rack.
    • Only two people have access to the rack and signon access to the server
    • Server room has fire suppression system
    • UPS protected by multiple generators
    • Two separate electrical power sub stations feed the building and provide dual power
    • sources to the server cabinet.
    • Multiple ISPs feed the data center providing access to GAW with automatic switch over
    • SOC 1 & 2 report

 

 

Feedback
0 out of 0 found this helpful

scroll to top icon