External Security Audits
AmpliFund contracts with external security firms to perform annual audits of the AmpliFund hosting environment and the AmpliFund corporate infrastructure. Audits include penetration testing and vulnerability scanning.
AmpliFund takes advantage of several key Azure services to provide a highly secure customer hosting environment.
Azure provides distributed denial of service (DDoS) protection through always-on traffic monitoring and real-time mitigation.
All web interfaces are protected by Azure Application Gateways and Web Application Firewalls. The Application Gateway provides secure load balancing and application monitoring for multiple web applications. Web Application Firewalls provide centralized protection of AmpliFund web applications from common exploits and vulnerabilities, such as SQL injection and cross-site scripting. The Web Application Firewall is based on the Core Rule Set (CRS) 3.0 from the Open Web Application Security Project (OWASP) and is automatically updated to include protection against new vulnerabilities.
For all databases, AmpliFund uses Azure SQL Server Advanced Data Security and Advanced Threat Protection to monitor for vulnerabilities and anomalies and protect against malicious activity. AmpliFund also uses Azure SQL Server Firewall services to restrict access to only approved IP addresses.
AmpliFund encrypts all data in transit and at rest. Data in transit is encrypted via HTTPS/SSL using SHA-256 encryption. AmpliFund requires HTTPS for all connections. TLS 1.0 and TLS 1.1 are disabled on all AmpliFund servers. File data (at rest) is encrypted via Azure Storage Service Encryption using AES-256 encryption. All AmpliFund Azure SQL databases use Transparent Data Encryption (TDE) to encrypt databases, log files, and backups, in real time, using AES-256 encryption. Both SHA-256 and AES-256 are FIPS 140-2 compliant.
All AmpliFund staff undergo background checks and are required to sign a nondisclosure agreement. All staff are sufficiently trained and may only access data and systems for which they have clearance.
Only approved AmpliFund technical employees have access to the AmpliFund Azure environment. Two-factor authentication (2FA) is required for administrative access to the AmpliFund Azure environment. AmpliFund uses multiple Azure roles to differentiate employees who can make platform changes from those who can deploy and manage releases. Activity within the Azure environment is logged. Only AmpliFund DevOps employees have access to the Production environment.
Only approved AmpliFund Customer Support and Technical Support employees have access to the customer’s AmpliFund implementation and data. AmpliFund Customer Support and Technical Support employees may access the QA, UAT, Stage, or Production environments for the purposes of defect validation, troubleshooting, general support activity, or training. Activity within the AmpliFund environment is logged.
AmpliFund is a secure application that requires all users, whether grantors, grantees, or staff, to log in with a unique user ID and password before being able to access the system. AmpliFund customers can define a password policy, including minimum password length; complexity requirements such as special characters, numbers, and capital letters; and password aging, reuse, and lockout.
AmpliFund can be configured to use an external authentication provider (via SAML, OAuth, or WS-Federation services) and directory.
AmpliFund utilizes role-based security and a granular security model to provide user access to modules, features, and records within the system. System roles are pre-defined. Users can be granted elevated permissions at various spots within the application by setting permissions at the object level. A user, for example, can be added to a grant as a grant manager, which elevates the user permissions for that particular grant.
All AmpliFund development and QA processes follow the AmpliFund Software Development Lifecycle Policy and the AmpliFund Development Process guide. The purpose of the AmpliFund Software Development Lifecycle Policy is to ensure a well-defined, secure, and consistent process for managing the entire lifecycle of AmpliFund development and includes the following phases:
- Requirements Analysis
- Architecture and Design
The policy also defines requirements for secure development with specific patterns and best practices designed to mitigate the OWASP top 10 web vulnerabilities.
The AmpliFund Development Process guide defines the operational procedures that guide the day-to-day activities of the Product, Development, QA, and Infrastructure teams. AmpliFund uses an Agile methodology for all product development.
The AmpliFund Development, QA, and Infrastructure teams perform ongoing application testing. The AmpliFund QA Team is responsible for testing and certifying all application enhancements and patches. The Development Team performs unit testing and code review activities. The QA Team is responsible for all integration, regression, functionality, usability, HTML validation, and compatibility testing for all releases. The AmpliFund Infrastructure Team performs regular vulnerability scans, load testing, and failover testing.
As a SaaS solution, AmpliFund is continually updated to add new features and functionality to streamline the grants management processes for our clients, facilitate best practices, and ensure compliance with Federal regulations.
AmpliFund maintains a maintenance window of 10-11pm ET daily, Monday through Friday. During this window, the platform may be updated with new feature releases and patches for all AmpliFund clients. All platform updates are made available to all AmpliFund clients, who have the ability to utilize the upgrades as they see fit.
AmpliFund is available 24 x 7 x 365 and maintains a maintenance window of 10-11pm ET, Monday through Friday. AmpliFund provides a 99.9% application uptime guarantee exclusive of the scheduled maintenance window and makes every effort to minimize the impact of maintenance performed during this time.
Current application status and uptime reports are available at any time at: http://status.amplifund.com.
Redundancy and Disaster Recovery
The AmpliFund environment is designed on the concept of disaster avoidance. The platform is built to be resilient and maintain availability in the wake of foreseeable disruption.
Within the Microsoft Azure cloud, AmpliFund utilizes multiple geographically redundant data centers. Disaster recovery is built into the platform, with data replicated in real-time across data centers. AmpliFund maintains a primary production environment and a secondary hot site. In the event of a disaster scenario, AmpliFund can failover individual services or the entire platform from the production environment to the secondary hot site.
The AmpliFund Disaster Recovery and Business Continuity plan is reviewed annually, and all procedures are tested semi-annually.
The AmpliFund team manages all data backups, data restores, and disaster recovery services. AmpliFund has a standard data backup schedule.
Differential database backups are run every few hours and transaction log backups run every 5-10 minutes to create Point-in-Time backups. Point-in-Time backups are continually run and are retained for 21 days. Point-in-Time Restore is supported for any restore point within 21 days. Full database backups occur monthly and are retained for 12 months. Full file system backups are run daily.
AmpliFund file system backups run between 3-4am ET daily. Database backups for point-in-time restore run continually throughout the day and do not impact system performance.
Restore from geo-replicated backups has an estimated recovery time objective (RTO) of under 12 hours with a recovery point objective (RPO) of under one hour.
AmpliFund has a Change Management Policy as part of its information security program. All infrastructure changes must be approved by the CTO and may only be implemented by authorized AmpliFund infrastructure team members during the AmpliFund maintenance window. All changes are documented in AmpliFund’s internal tracking system. Changes to Azure infrastructure configurations are also logged in the Azure Activity Log. Only authorized AmpliFund infrastructure team members have access to the Azure Activity Log.
Access to the AmpliFund product and specific data elements within AmpliFund is tracked via the AmpliFund Activity Log. The AmpliFund team and customer administrators can access the AmpliFund Activity Log within the product to view user level activity logs that show data for logins, logouts, object access, and other key activities.
Logging and Monitoring
AmpliFund monitors the performance and availability of the platform using various tools including Azure Monitor, Azure Insights, and Azure Security Center. These tools track compliance and performance of the key components of the platform (databases, storage, web apps, network) as well as the responsiveness of the specific web apps (request rates, response times, exceptions).
Access to specific data elements within AmpliFund is tracked via the AmpliFund Activity Log. The AmpliFund team and customer administrators can access the AmpliFund Activity Log within the product to view user level activity logs that show data for logins, logouts, object access, and other key activities.
AmpliFund maintains an Incident Response Policy as part of the full policy suite included in the AmpliFund Information Security Program.
A key objective of AmpliFund’s Information Security Program is to focus on detecting information security weaknesses and vulnerabilities so that incidents and breaches can be prevented wherever possible. AmpliFund is committed to protecting its employees, customers, and partners from illegal or damaging actions taken by others, either knowingly or unknowingly. Despite this, incidents and data breaches are likely to happen; when they do, AmpliFund is committed to rapidly responding to them, which may include identifying, containing, investigating, resolving, and communicating information related to the breach.
The AmpliFund Incident Response Policy mandates that if a security incident is identified, it must be investigated within a set period of time based on its severity. If an incident is confirmed as a breach, a set procedure must be followed to contain, investigate, resolve, and communicate information to employees, customers, partners, and other stakeholders.
In addition, AmpliFund will notify customer contacts at all impacted customers and provide the relevant details, including: a description of the incident, customer information involved, individuals and entities that may have accessed customer information, steps involved in investigating the incident, and steps involved in mitigating issues related to the incident.