RMS(ONE) SOLUTIONS SECURITY AND COMPLIANCE

High Availability and Resiliency

The RMS(one)® platform is architected at the application and infrastructure level for high availability and resiliency, with redundancies at many levels.

We are committed to protecting your data through dedicated security resources across our software development, legal, monitoring, information security, and cloud operations teams.

Application Security

Application security uses continuous automated and manual security testing processes throughout the system development lifecycle (SDLC) to identify and patch potential vulnerabilities and bugs on the platform.

These include static application security testing (SAST), dynamic application security testing (DAST), open-source scanning (OSS), and manual penetration testing.

Infrastructure Security

For threat detection, RMS infrastructure security combines advanced and hardened firewalls, network segmentation, intrusion detection and prevention systems, and ongoing log monitoring and analysis.

The production management network, which hosts your data, is segregated from our corporate network. Access to the network is restricted to individuals on a need-to-know basis and requires multi-factor authentication.

Compliance for Trust and Verification


Industry-Standard Certifications

RMS security practices comply with the most widely accepted industry standards and regulations, including ISO 27001 and SOC 2 for security, availability, and confidentiality.

Geo-Specific and Regional Compliance

RMS(one) solutions adhere to applicable data privacy compliance requirements in the geographical regions we operate in.

Similar to our existing compliance with the European Data Privacy Directive, we are continuing to build on and execute our General Data Protection Regulation (GDPR) compliance.

Independent Audits and Continual Improvement

We use independent third-party auditors to conduct annual reviews of our systems and controls.

In addition, we are committed to continually improving our security programs, systems, and controls, and we welcome feedback from internal teams, customers, and auditors.

Secured and Delivered via Microsoft Azure

Microsoft Azure cloud services are the foundation of the RMS(one) platform, which runs in geographically distributed Microsoft facilities designed for 24x7x365 availability.

Each facility employs measures to protect your operations from power failure, physical intrusion, and network outages. All facilities comply with ISO 27001 and SOC 2 standards for security, availability, processing integrity, and confidentiality.

Redundancy at the Platform Layer

The RMS(one) platform features built-in redundancy at several layers, and all functions are spread across multiple servers. If one server or server rack goes down, the core platform will continue to run. If a core system function fails, workloads are rerouted to properly running functions.

Compute capabilities reside within Microsoft Availability Sets, which allow the RMS(one) platform to run across virtual machines in different fault domains.

Designed and Architected for Business Continuity & Disaster Recovery

Our network is connected to one of the world’s largest fiber backbones and supports multiple terabit connectivity with more than 70 points of presence. This network provides multiple paths to providers, allowing instantaneous reroutes around internet failures.

During a disaster recovery event, backed-up data is sent out-of-region for safekeeping or restored to a duplicate environment operated by RMS within geopolitical boundaries and with user access enabled. This environment is patched and kept up-to-date on regular release cycles.