Security & Trust

Meet FedRAMP and CMMC Compliance Objectives

Learn how TechnoMile partners with Cloud Service Providers (CSPs) to support clients’ FedRAMP and CMMC compliance objectives.

Overview

TechnoMile is an Independent Software Vendor (ISV) that builds and deploys natively-developed cloud applications that run on top of either Salesforce or Microsoft Dynamics 365. 

Both Salesforce and Microsoft are Cloud Service Providers (CSPs) that offer SaaS/PaaS environments that maintain a broad range of compliance certifications, including FedRAMP and NIST 800-171. As an ISV, TechnoMile deploys our applications into the appropriate CSP environment based on each client’s preferred platform (Salesforce or Microsoft), required FedRAMP impact level (Moderate or High), CMMC objectives, and any other information security considerations.

The client’s TechnoMile application inherits the security controls and policies of the CSP environment into which it is deployed and TechnoMile can provide best practices for configuration of the environment to support each client’s FedRAMP and CMMC compliance objectives. 

---

FedRAMP Moderate and High

• TechnoMile is an ISV that is:
  • Certified by Salesforce to deploy into its Government Cloud Plus (FedRAMP High) environment, as well as its Commercial Cloud 
  • Certified by Microsoft to deploy into its Microsoft Azure Government (FedRAMP High) environment 

• These certifications require that TechnoMile’s natively-developed applications undergo routine independent assessments of our security controls by Salesforce and Microsoft and that we remediate any identified vulnerabilities 

---

Compliance Certifications

• Both Salesforce and Microsoft maintain a comprehensive range of compliance certifications and attestations for their cloud environments, which are inherited by TechnoMile solutions upon their deployment into the client’s preferred CSP environment. These include, but are not limited to:
  • ISO 27001  
  • ISO 27017  
  • ISO 27018  
  • SOC 1 Type II (SSAE 18 Report)  
  • SOC 2 Type II (Trust Principles Report)  
  • PCI-DSS  
  • TRUSTe Certified Privacy Seal  
  • FedRAMP (NIST 800-53)  
  • NIST 800-171 
  • PrivacyMark from the JIPDEC  

• For more details regarding Salesforce certifications, visit this site. For more details regarding Microsoft certifications, visit this site.  
• TechnoMile deploys into the client’s selected CSP environment (Salesforce or Microsoft Dynamics 365) using best practices to support compliance with FedRAMP and CMMC controls

Information Security Program

Learn about key elements of our current program that enable TechnoMile to maintain rigorous security standards and continuously bolster our security posture.

Security Policies and Procedures

TechnoMile: 

• Maintains a SOC 2 Type I attestation – a copy of the report may be obtained under NDA through TechnoMile’s Trust Center 
• Maintains an Information Security Program based on SOC 2 that aligns to NIST 800-171 security controls 
• Performs internal and third-party penetration testing on production infrastructure  
• Deploys our TechnoMile Platform and Services into FedRAMP-authorized cloud environments based on data types and compliance requirements 
• Maintains formal IT security policies and procedures that:
  • Guide our collection, storage, and maintenance of personally identifiable information (PII) to protect PII from unauthorized disclosure 
  • Protect the physical and logical integrity of our IT resources by establishing standards for network security, protection against malicious software programs, connecting devices to the network, remote access, event monitoring, etc. 
  • Outline standards – such as user authorization/access requests, password policies, anti-virus software use, application of software updates, vulnerability management, encryption of storage devices, etc. – to appropriately secure IT systems, network resources, and applications 
  • Require all TechnoMile employees to participate in annual information security awareness training 
• Utilizes a secure Microsoft 365 cloud environment that complies with a broad range of legal and regulatory standards to manage its infrastructure and data, leveraging the Microsoft 365 compliance center, as well as Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management  
• Partners with top-tier cloud services provider, Amazon Web Services (AWS), to host our TechnoMile Platform and Services in an environment that includes physical and logical protections and delivers robust performance and reliability:
  • Dual Next-Generation Firewalls from Cisco in high-availability routing  
  • Multiple layers of network security controls, including policy-based-routing (PBR), Web Application Firewall (WAF), and Intrusion-Detection/Intrusion-Prevention Systems (IDS/IPS) 
  • Advanced asymmetric encryption for protection of in-transit data from end-to-end 
  • At-rest data encryption of personally identifiable information (PII) to achieve a high level of data protection   
  • Real-time, continuous security monitoring 
  • State-of-the-art hosting facilities with availability zones to support automatic fail-over, environmental protections like fully redundant power systems, temperature/climate control, and protection against fire and water damage, as well as N+1 core applications 
  • Use of standardized, proven server configurations underpinned by optimized hardware results in predictable, stable performance 
  • Predictive high-availability and hot spare hardware delivers improved availability