Axiom Cloud security details

The Axiom Cloud runs on the proven infrastructure services of Microsoft Azure. It employs a security and risk framework that enables our customers to meet a number of their industry-specific regulatory requirements, and it meets the following certification requirements:

  • ISO/IEC 27001:2005
  • SOC 1 and SOC 2 SSAE 16/ISAE 3402
  • HIPAA Compliance
  • Gramm-Leach-Bliley Act
  • Cloud Security Alliance Cloud Controls Matrix
  • Federal Risk and Authorization Management Program (FedRAMP)
  • United Kingdom G-Cloud Impact Level 2

Further details may be found at the Microsoft Azure Trust Center.

Client installation

Using Internet Explorer, first-time users access the Axiom Cloud via a secured web browser at a dedicated URL. From there, the software prerequisites can be installed and the Axiom Windows Client, Excel Client, or Web Client can be launched.

Axiom Software takes advantage of the Microsoft ClickOnce technology that is included within the Microsoft .NET Framework. This technology allows the Windows Client or Excel Client software to be installed and launched with minimal interaction from the user. The ClickOnce technology provides the following benefits:

  • Hyperlinks directly into the system.
    The Axiom Software Client includes a unique ability to hyperlink to URLs within the different areas of the platform. Users can email hyperlinks to other users that will launch the client and open the destination file. Users can email workflow alerts and other notifications that include hyperlinks into the system to address the alert. When users navigate data within an Axiom Software dashboard, they can drill to source data in the client.

  • The Axiom Software Client is automatically updated.
    When a user launches the Axiom Software Client, it runs outside of a browser window. During the login process, users are prompted to accept any applicable service updates.

  • Minimal impact to user computers and other installed applications.
    Traditional applications are installed using Windows Installer deployment and often rely on shared components, which can create potential versioning conflicts. By utilizing the ClickOnce deployment technology, the Axiom Software Client is completely self-contained and does not interfere with other applications.

  • No changes to end-user permissions.
    Applications deployed using Windows Installer often require “local administrator” permissions, which can present problems when users do not have such access. Non-administrative users can install and launch the Axiom Software Client without elevated permissions. Administrative rights are required to install the software prerequisites.

System security and user authentication

An Axiom Software system administrator, designated internally by your organization, is responsible for creating and maintaining user accounts and permissions. User setup is performed within the Axiom Software Client. Authentication for end users is provided by direct integration with your organization's existing SAML, Active Directory, or OpenID.

Backups

Kaufman Hall maintains thirty (30) days of data repository snapshots for your Axiom Software system, which includes all files and data. Backups can be restored as needed per your organization's request. The retention period can be adjusted based on your organization’s requirements. All data beyond the retention period is automatically destroyed using industry-standard practices.

High availability, disaster recovery, and business continuity plan

Kaufman Hall maintains and regularly tests a robust business continuity plan. The service is load-balanced and geo-replicated; all data is mirrored at multiple sites in the case of a disaster.

Data Encryption

The Axiom Cloud compresses and encrypts all data in transit with a 256-bit SSL certificate using TLS 1.2. Data at rest in the Axiom Cloud infrastructure is encrypted in real time using a symmetric encryption key.

Scalability

The Axiom Cloud can support any number of users. Kaufman Hall will provide the necessary services to support user access per your licensed number of users.

Service levels

By taking advantage of load-balanced application pools and infrastructure scaling, Axiom Software on Microsoft Azure delivers a service level of at least 99.5% monthly — ideal for your enterprise system. Kaufman Hall provides enterprise-level back-office support to ensure that servers are up-to-date and meet performance requirements.

Platform upgrades

All Axiom Software platform upgrades are available to Axiom Cloud clients. Upgrades will be applied to your system at your request.

3rd party vulnerability testing

Kaufman Hall engages a 3rd party to review source code for a wide variety of vulnerabilities and software design techniques. The software and techniques are analyzed, tested, and monitored by the 3rd party. This vulnerability analysis is performed on a periodic basis, at least annually. Results of the review are evaluated, and the resulting changes are implemented within the source code based on priority.

HIPAA Compliance framework

The Axiom Cloud leverages Microsoft’s Azure HIPAA Compliance framework. Microsoft Azure core services are audited by independent external auditors under industry standards, including ISO 27001. The scope of the ISO 27001 audit includes controls that address HIPAA security practices.