W3C Accessibility Standards
At Run Straight we believe the Web and our solutions must be fundamentally designed to work for all people, whatever their hardware, software, language, location, or ability. Through our products we help remove the barriers to communication and interaction that many people face in the physical world. Through intuitive design and the latest tools and frameworks for accessibility, our developers and organization create high quality websites and tools that do not exclude people from using our products and services.
Our solutions are tested and conform to the WCAG 2.1 accessibility standard. We also use the latest Bootstrap framework for general user experience components, including pop-up calendars that are accessibility compliant across devices. To ensure that our solutions remain WCAG 2.1 and AODA compliant, we perform internal compliance testing using the WAVE Web Accessibility Evaluation Tool.
Our main servers are located in a private cage in Toronto, Ontario, in a modern, dedicated, purpose-built data centre managed by Equinix. All physical access is controlled by 24-hour security staff and multifactor authentication.
The data centre holds the following certifications: HIPAA, ISO 27001, NIST 800-53/FISMA, PCI DSS, SOC 1 Type II and SOC 2 Type II.
From a network point of view, our high availability infrastructure is protected by leading edge, enterprise class hardware and security tools. All of our equipment is from Lenovo, KEMP and Cisco Meraki and is on regular maintenance and upgrade schedules.
Run Straight aligns with OWASP standards and practices for infrastructure-based testing. We also operate Active Monitoring, which reports events as they occur.
Our application platform is wholly owned by Run Straight Consulting Ltd., which gives our organization complete control over the application. Our framework meets industry best practices and most government development guidelines. Our frameworks support:
- HTTPS (TLS 1.2) and 256-bit AES encryption.
- Forms & Active Directory (AD) Authentication
- Two Factor Authentication (Token, SMS)
- Dynamic Role Based Security & Case Level Permissions
- Enterprise-class ASP.NET
- Development frameworks compatible with all modern browsers
Run Straight uses OWASP guidance, self-assessments, and client- or third-party-performed penetration tests to conform to the highest security standards. Testing schedules are defined in the Communications Plan developed with each of our customers.
Security & Permissions
Our approach to application security design is to follow the principle of least privilege, meaning that a user role only has access to the information that is necessary for its intended purpose.
Our products have several options built-in to meet the latest security and privacy requirements, including:
We provide both Forms and Active Directory (AD) based authentication. Authentication is available through Forms, SAML, or Windows/Azure AD, with optional two-factor authentication (SMS, email, or SurePass hardware/software token). The 2FA code can be either the token code alone or a user PIN combined with the token code.
The system has a simple and powerful security approach with role-based functionality to apply restrictions, for example to Managers, IT administrative functions, temporary staff, etc.
Security Questions: Users are required to answer predefined security questions before accessing the system.
Support for VPNs, tokens, certificates, etc.
Individual Activities can be protected by setting an Activity's 'Privacy Level': access to the activity is restricted to the selected role level, so only users in the selected role can view the information.
We provide token-based two-factor authentication (2FA), giving our clients the option of using software or hardware tokens managed through a centralized administration portal. Token-based 2FA requires the user to enter their username and password along with the one-time code from the token, optionally prefixed by a user PIN. This technique satisfies many organizations' security requirements for the increased protection of sensitive information and is standard for Administrator users. We also provide 2FA through SMS and email messaging.
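As an added illustration of the "token code" or "PIN plus token code" second factor described above, here is verification logic written for this page. It is not Run Straight's or SurePass's implementation; it assumes the token is an RFC 6238 OATH TOTP token with a 30-second step and 6-digit codes, and the seed, PIN and timestamps are constructed test data (the seed is the RFC 4226/6238 test-vector seed).

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30
# Constructed demo seed: the RFC 4226 / RFC 6238 test-vector secret, not a real token seed.
DEMO_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, for_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter."""
    return hotp(secret, for_time // STEP_SECONDS, digits)


def verify_second_factor(secret: bytes, submitted: str, now: int, pin: str = None,
                         window: int = 1, digits: int = 6, last_used_step: int = -1):
    """Verify a submitted second factor.

    - With pin=None the user submits the token code only.
    - With a pin, the user submits PIN immediately followed by the token code.
    Accepts the current time step or one adjacent step (clock drift tolerance),
    refuses any step already consumed (replay protection), and compares in constant time.
    Returns the matched time step on success so the caller can store it as
    last_used_step, or None on failure.
    """
    submitted = submitted.strip()
    if pin is not None:
        if len(submitted) != len(pin) + digits:
            return None
        pin_part, code_part = submitted[:len(pin)], submitted[len(pin):]
        # In a real deployment the PIN would be checked against a hashed record, not a plain string.
        if not hmac.compare_digest(pin_part, pin):
            return None
    else:
        code_part = submitted
    if len(code_part) != digits or not code_part.isdigit():
        return None
    step = now // STEP_SECONDS
    for s in range(step - window, step + window + 1):
        if s <= last_used_step:
            continue  # reject replay of an already-consumed code
        if hmac.compare_digest(hotp(secret, s, digits), code_part):
            return s
    return None


if __name__ == "__main__":
    # Constructed demo: at Unix time 59 the RFC 6238 test vector gives code 287082.
    now = 59
    print("token code:", totp(DEMO_SEED, now))
    print("code only  :", verify_second_factor(DEMO_SEED, "287082", now))
    print("PIN + code :", verify_second_factor(DEMO_SEED, "1234287082", now, pin="1234"))
    print("wrong PIN  :", verify_second_factor(DEMO_SEED, "0000287082", now, pin="1234"))
```

The step number returned on success must be persisted per user and passed back as `last_used_step` on the next attempt; without that, a code captured in transit remains valid for the rest of its time window.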
Security in Transit and At-rest
While data is at rest it is encrypted, and while it is in transit it is protected with TLS 1.2.
The connection between the client and the presentation layer is an HTTPS (TLS 1.2) connection negotiating 256-bit cipher suites (the 256 bits refers to the symmetric session key, not the certificate), with username and password authentication and optional two-factor authentication.
Our solutions use WCF web services over HTTPS for connections between the presentation layer and the service layer.
- All passwords are stored as salted hashes, and selected sensitive fields throughout the database are encrypted.
- All TLS certificates are regenerated on a fixed schedule; the CA/Browser Forum Baseline Requirements cap publicly trusted certificate validity at 398 days, so the rotation interval cannot exceed that.
- Privacy is further ensured through document encryption: sensitive documents are password protected with 256-bit AES encryption. When we encrypt a file with a password, that password is itself stored encrypted in the system. We also encrypt any sensitive data fields in the system.
Security, Privacy, and Confidentiality
We work with all our customers to define the Roles and Permissions so that users can maintain client confidentiality without complex or time-consuming configuration. We provide training and helpful tips on how to protect confidentiality and privacy and make working with our tools and across groups straightforward.
One of Run Straight's value-adds is that if any data classification or security concerns are identified by us, by the customer, or by third parties, Run Straight can make the required adjustments in-house, because we have full access to and control over the entire infrastructure and code.
Exceeding Data Classification Security Requirements
Run Straight products have successfully been certified several times at the rigorous 'high-security' level of Privacy Impact Assessment (PIA) and Threat Risk Assessment (TRA). If any data classification constraints are identified during solution delivery, Run Straight can make the required adjustments to meet customer needs, because Run Straight owns all of the code and has full access to and control over its own infrastructure.
Our Security Policies cover:
- Application Security
- Security in Transit and At-rest
- Active Monitoring, and our Run Straight Information Security Objectives & Controls for:
- Incident Management Policies & Procedures Guide
- Security Policy & Breach Procedures
- Customer Communications Plan
- RS Internal Policies & SOPs
- Service Continuity Plan
- Password Management Policy
Our solutions have robust implementation features for Password Management, Access and Authentication. Authentication is performed through:
- Forms, SAML or Windows/Azure AD with optional Two Factor Authentication (SMS, Email, SurePass hard/software token)
- 2FA code can have optional User PIN plus token code or just token code
Users can reset their passwords from their profile at any time, or if they have forgotten their password they can request a password reset from the login page.
Run Straight runs its own Active Monitoring services using our own RS-Reports and Service Desk. Active Monitoring looks for multiple types of malicious activity, poor performance, unexpected API connections, unexpected events and errors, and collects general statistics. All results are channelled to our RS-Reports and Global Incident Management System using ITSM standards.
With our latest releases of RS-CMS we have brought our customers several new innovations. These include enhanced reporting capabilities, a separate Auditing module to enable greater continuous improvement, and more integration with other Microsoft services including Office 365 applications, Power BI, and SharePoint Enterprise Content Management and Analytics with Active Monitoring. We have also developed additional mechanisms for customers to securely enter and manage case information by speech-to-text and through SMS. We have also integrated Learning Management Services and Service Desk features for even better user adoption and support with our available Full Service (Tier 1 to 5) Service Desk.