viisConnect has been created using our state of the art Cloud Platform.

This platform is a configurable "Platform as a Service" engine that is configured to provide the solutions each client requires.

Security is critical to the operation of all viisConnect Communities. viisConnect is hosted on a multi tenanted database. Clients are connected via secure HTTPS connection to the Internet.

Data is transferred either by encrypted email attachments (for asynchronous operation) or via web service (for synchronous operation). The data payloads within these attachments or web service calls are either XML or CSV formats, depending on the configuration.

Email attachments use AES encryption/decryption, providing 256-bit military-grade data security. The web service uses 128-bit SSL encryption.

Each Viisibility Portal is secured by either Thawte 128-bit SSL encryption or by Comodo 128-bit SSL encryption. Viisibility servers use the standard software firewall provided by Microsoft. A minimum set of ports are open (HTTP, SSL, Remote Desktop). Remote Desktop is restricted to Viisibility-sourced inbound IPs. Netbios is disabled. Ethereal is used to monitor the level of port scanning.

All operating system security patches are applied automatically using Microsoft's automatic update service. All other patches (such as those for database and ASP.NET) are monitored via Microsoft notifications and applied by Viisibility staff subject to appropriate testing.

Availability of the host is monitored automatically at 10 minute intervals 24*7 by a geographically separate host seeking contact with the application via HTTPS. If the application should not be available, Viisibility staff are immediately notified via SMS. Eset NOD Antivirus is used to provide virus protection.

Community Administrators are responsible for issuing and managing passwords to users and as such this is an internal client issue. Clients can therefore set and dictate their own password policy. Initial passwords are generated randomly by the system and sent to users who are forced to change the password the first time they login. Passwords are one-way hashed using Microsoft's .NET Framework hashing facilities and must be changed every 30 days, or at a period specified by the Community Administrator.

User accounts are created by the client's Community Administrator. Upon creation of a user, a password is automatically created and emailed to the user. The clients Community Administrator manages the creation and deletion of users.