Security Statement
Since our founding in 1993, thousands of CasaManager users have entrusted sensitive data about their children to our system. Our team has worked very hard to ensure this data is safely stored and securely transmitted while in normal use.
For purposes of brevity, the term Our Solutions will refer to CasaManager, CasaConnect, MentorManager and VisitManager and any other solution we publish.
User Security
- Authentication: Each agency is deployed with its own database. For each agency, user accounts have unique usernames and passwords which must be entered each time a user logs on. Users are defined by each agency within their database.
- Passwords: User passwords have minimum complexity requirements. Passwords are individually salted and hashed. User passwords must be changed at regular intervals; our preset is 90 days.
- Single Sign-On: Our Solutions are not currently configured to support Single Sign-On.
- Data Encryption: Certain sensitive user data, such as account passwords, are stored in encrypted format. All data files and attachments are stored encrypted at rest.
- Data Portability: Based on a user’s permission set, Our Solutions enable users to export their data in a variety of formats to be used with other applications.
- Data Residency: Our Solutions are hosted/stored on servers located in the United States.
Physical Security
Our cmCloud servers are hosted in world-class data centers provided by Amazon Web Services (AWS) and Vultr. These data centers include all the necessary physical security controls you would expect in a data center these days (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements).
Availability
- Uptime: Continuous uptime monitoring, with immediate escalation to CasaManager staff for any downtime.
- Backup Frequency: Backups occur daily and may be restored if necessary.
- Backup Retention: cmCloud servers are configured to back up daily. These backups are pushed to an S3 bucket on Backblaze. Each backup is retained for 365 days.
Network Security
- Firewalls: Firewalls restrict access to all ports except 80 (http), 443 (https), and 5003 (FileMaker Pro).
- Access Control: Role-based access is enforced for systems management by authorized engineering staff.
- Encryption in Transit: By default, Our Solutions hosted on our cmCloud servers use Transport Layer Security (TLS) to encrypt traffic.
Vulnerability Management
- Patching: Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
Organizational & Administrative Security
- Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
- Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality and security obligations if they deal with any user data.
- Access: Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.
Software Development Practices
- Platform: We code in FileMaker Pro, and Our Solutions run on FileMaker Server, Macintosh, Windows, and Linux.
- Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines.
- Deployment: Development is conducted in a separate environment and deployed to production as needed. We notify our clients in advance of deploying any major update.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if CasaManager learns of a security breach, we will notify affected users so that they can take appropriate protective steps.
Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely.
Last updated: March 17, 2023.
v1.04