Security Statement

Security at all levels

We know that security of your data is crucial, and we treat the security of any information you enter into your account as a top priority. Every aspect of the service is designed to be secure at all levels and to allow access only to registered users on your account. We are completely committed to all aspects of security, and strive to make our hosted service as secure as having a server behind your own firewall.

Payment Security Standards

In accordance with PCI standard compliance requirements, if you provide credit card information during the registration process, your credit card details are encrypted and stored securely for the sole purpose of processing your recurring subscription payments. All communications with the third-party payment gateway facility are encrypted using SSL (Secure Sockets Layer) technology. Alternatively, if you do not wish to use a credit card to pay for your Service Subscription, an Offline Payment option is available so that you can pay for your annual subscription via EFT Bank Transfer instead.

Application and Data Security

Users can access accounts only with a valid username and password. Accounts are maintained by your own approved administrators who are given full rights to create, suspend and delete user accounts. All data, including login information, is encrypted between the server and the browser using Secure Sockets Layer (SSL) encryption. If a user chooses to have the application remember their login details, user sessions are stored in an encrypted cookie on the user’s local computer, which does not reveal any machine-readable login information.

The application architecture follows all best practices to ensure users only have access to information to which they are given permission. A security model is enforced at every level of the application to prevent a user of another account from accessing your information. Solisma employees do not have direct access to data stored on the servers, except where necessary for performing system maintenance and backups.

API Security

The Service Improvement Manager application provides an API that enables integration with other tools. Access to the API is secured through a combination of methods including: (a) activation only if the API is required; (b) encryption of all data transmission using a private API key that is unique to your account; (c) transmission of data using only Secure Sockets Layer (SSL) connections to the server; and (d) the ability to restrict API access to specific servers designated by one or more IPv4 or IPv6 internet addresses.

Server Security and Data Backups

The servers are hosted as a managed service which has 24-hour physical security and highly controlled server access, as well as redundant power and network systems. All servers are monitored and maintained to ensure high levels of performance, confidentiality, integrity and availability. We follow best practices in server security and maintenance to ensure no outside intruders gain access. The servers have firewall protection, with application communication ports restricted to Secure Sockets Layer (SSL) only.

All data is stored on RAID disks with multiple data paths, and nightly backups of all data are performed. Backups are moved to an off-site secure location and rotated across a 14-day backup cycle. Upon a request to terminate your account, all data is immediately deleted from the servers (we therefore recommend that you back up your sensitive data prior to termination). Following termination, any remaining backup data will be cycled out of the backups over the 14-day retention cycle.