Security Summary
The EHS-Dashboard™ team is committed to safeguarding our clients' Environmental Health and Safety data and personal information. Below is an overview of the security measures implemented by our team, in conjunction with our hosting provider, to ensure the highest levels of data protection.
Cloud-Based Hosting
The EHS-Dashboard™ is hosted on Amazon Web Services (AWS) Cloud infrastructure, which meets an extensive range of global security standards, including:
- ISO 27001
- SOC
- PCI Data Security Standard
- FedRAMP
- Australian Signals Directorate (ASD) Information Security Manual
- Singapore Multi-Tier Cloud Security Standard (MTCS SS 584)
For detailed information on AWS compliance with these and other standards, refer to the AWS Compliance webpage.
AWS's cloud infrastructure is designed to be among the most secure and flexible computing environments available. Key security benefits include:
- Data Center Security: Housed in AWS’s state-of-the-art data centers with robust safeguards to ensure customer privacy and data segregation.
- Network Monitoring: Protected by extensive network and security monitoring systems.
- Resiliency: Data centers located in multiple geographic regions provide resilience against outages, backed by significant excess bandwidth connections.
- Data Backup: Continuous data backups to prevent interruptions due to server outages.
- Redundancy: Redundant application and database servers to ensure uninterrupted service in the event of hardware failures.
For more details on AWS infrastructure security, visit the AWS Security webpage.
Application Layer
The EHS-Dashboard™ is built on the Ruby on Rails (RoR) framework, known for its stability, performance, and robust security features. The application’s design and development follow industry-standard security practices to protect user information and address known web application vulnerabilities.
To enhance security, the EHS-Dashboard™ team:
- Regularly audits system security to identify and address vulnerabilities.
- Incorporates updates and patches to safeguard against newly discovered threats.
- Utilizes Rails’ built-in security features, such as protection against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
For more information on Ruby on Rails security features, refer to the Ruby on Rails Security Guide.
Secure Sockets Layer (SSL)
The EHS-Dashboard™ employs a digitally verified SSL certificate to encrypt all communication. This ensures:
- 256-bit Encryption: All client information exchanged over the HTTPS protocol is encrypted to protect against eavesdropping and tampering.
- Data Integrity: Ensures that transmitted data remains intact and unaltered during transfer.
For more information on SSL and HTTPS encryption, refer to Network Solutions’ SSL Overview.
Commitment to Future Certifications
While the EHS-Dashboard™ team currently leverages the security measures provided by AWS and industry best practices, we are actively pursuing direct certifications in relevant security standards to further solidify our commitment to data protection.