Security & Trust
TechnoMile is committed to maintaining our clients’ trust and keeping your data safe.
TechnoMile Support for FedRAMP and CMMC
Meet FedRAMP and CMMC Compliance Objectives
Learn how TechnoMile partners with Cloud Service Providers (CSPs) to support clients’ FedRAMP and CMMC compliance objectives.
Overview
TechnoMile is an Independent Software Vendor (ISV) that builds and deploys natively-developed cloud applications that run on top of either Salesforce or Microsoft Dynamics 365.
Both Salesforce and Microsoft are Cloud Service Providers (CSPs) that offer SaaS/PaaS environments that maintain a broad range of compliance certifications, including FedRAMP and NIST 800-171. As an ISV, TechnoMile deploys our applications into the appropriate CSP environment based on each client’s preferred platform (Salesforce or Microsoft), required FedRAMP impact level (Moderate or High), CMMC objectives, and any other information security considerations.
The client’s TechnoMile application inherits the security controls and policies of the CSP environment into which it is deployed, and these are augmented by ISV-owned controls that are configured and managed by the client to provide comprehensive support for each client’s FedRAMP and CMMC compliance objectives.
FedRAMP Moderate and High
- TechnoMile is an ISV that is:
- Certified by Salesforce to deploy into its Government Cloud (FedRAMP Moderate) and Government Cloud Plus (FedRAMP High) environments, as well as its Commercial Cloud
- Certified by Microsoft to deploy into its Microsoft Azure Government (FedRAMP High) environment
- These certifications require that TechnoMile’s natively-developed applications undergo routine independent assessments of our security controls by Salesforce and Microsoft and that we remediate any identified vulnerabilities
Compliance Certifications
- Both Salesforce and Microsoft maintain a comprehensive range of compliance certifications and attestations for their cloud environments, which are inherited by TechnoMile solutions upon their deployment into the client’s preferred CSP environment. These include, but are not limited to:
- ISO 27001
- ISO 27017
- ISO 27018
- SOC 1 Type II (SSAE 18 Report)
- SOC 2 Type II (Trust Principles Report)
- PCI-DSS
- TRUSTe Certified Privacy Seal
- FedRAMP (NIST 800-53)
- NIST 800-171
- PrivacyMark from the JIPDEC
- For more details regarding Salesforce certifications, visit this site. For more details regarding Microsoft certifications, visit this site.
- TechnoMile augments the security controls and policies of the client’s selected CSP environment with best practice-based recommendations for configuring TechnoMile applications and their underlying Salesforce or Microsoft Dynamics 365 platform to support compliance with FedRAMP and CMMC controls
TechnoMile Commitment to Information Security
TechnoMile is committed to maintaining our clients’ trust and keeping data secured. We maintain a written Information Security Program that is overseen by our VP of Technology and outlines the administrative, technical, and physical safeguards that we employ to protect our systems and ensure data security, integrity, and availability.
Information Security Program
Learn about key elements of our current program that enable TechnoMile to maintain rigorous security standards and continuously bolster our security posture.
Security Policies and Procedures
TechnoMile:
- Maintains an Information Security Program that aligns to NIST 800-171 security controls
- Maintains formal IT security policies and procedures that:
- Guide our collection, storage, and maintenance of personally identifiable information (PII) to protect PII from unauthorized disclosure
- Protect the physical and logical integrity of our IT resources by establishing standards for network security, protection against malicious software programs, connecting devices to the network, remote access, event monitoring, etc.
- Outline standards – such as user authorization/access requests, password policies, anti-virus software use, application of software updates, encryption of storage devices, etc. – to appropriately secure IT systems, network resources, and applications
- Require all TechnoMile employees to participate in annual information security awareness training
- Utilizes a secure Microsoft 365 cloud environment that complies with a broad range of legal and regulatory standards to manage its infrastructure and data, leveraging the Microsoft 365 compliance center, as well as Microsoft 365 intelligent security solutions for identity and access management, threat protection, information protection, and security management
- Partners with top-tier cloud services provider, Amazon Web Services (AWS), to host our TechnoMile Platform in an environment that includes physical and logical protections and delivers robust performance and reliability:
- Dual Next-Generation Firewalls from Cisco in high-availability routing
- Multiple layers of network security controls, including policy-based-routing (PBR), Web Application Firewall (WAF), and Intrusion-Detection/Intrusion-Prevention Systems (IDS/IPS)
- Advanced asymmetric encryption for protection of in-transit data from end-to-end
- At-rest data encryption of personally identifiable information (PII) to achieve a high level of data protection
- Real-time, continuous security monitoring
- State-of-the-art hosting facilities with availability zones to support automatic fail-over, environmental protections like fully redundant power systems, temperature/climate control, and protection against fire and water damage, as well as N+1 core applications
- Use of standardized, proven server configurations underpinned by optimized hardware results in predictable, stable performance
- Predictive high-availability and hot spare hardware delivers improved availability