2020 FAA Certified Electronic Record Keeping System Audit
Filled out by Christopher Howell on 2/19/21
In November 2020, the data center and three backup data centers were unlawfully subjected to a ransomware attack. SMS Pro was not the target of the attackers. Data center's final report is included in this link.
Due to the high number of ransomware attacks in the past two years, SMS Pro was required to adapt the Emergency Response Plan.
Lesson Learned: We can no longer count on backup data centers being available under normal circumstances. The ransomware attack in Nov 2020 affected four data centers owned by the Managed.com, which is relied upon by SMS Pro. The corrective action is to have two independent data centers that are synchronized daily. One data center is the primary, while the backup data center is maintained in the event of another attack. Data centers can be changed within four hours should the need arise.
- Protection of Confidential Information to insure Individual privacy - What steps were taken to protect confidential information to ensure individual privacy.
Users are not permitted direct access to the secured SQL Server database. They must access data via the Web application which uses Microsoft's Role Provider to manage security. Therefore, database security is managed on the application level. When the Web application requires database access, it must provide credentials to login to the SQL Server database. Web traffic for the Web application is encrypted for both sending and retrieving data.
- Secure from unauthorized events / access - Were there any unauthorized events or access during the period in question?
No unauthorized access detected. Unauthorized event described above, including corrective action.
- Checks of the quality, integrity and accuracy of the system to ensure that records cannot be altered in an unauthorized way - What checks of the SMS Pro system to ensure quality, integrity and accuracy of the system to ensure records cannot be altered in an unauthorized way.
NWDS routinely restores backups of the system to perform internal diagnostics and analyze performance opportunities. This happens at a minimum of once each quarter. On a daily basis, backup data center is synchronized with active data center.
- Authenticity and Prevention of Unauthorized Access or Data Corruption - Is there any record of authorized access or data corruption? What prevented those attempts?
No unauthorized events or access detected. NWDS uses the latest technologies on hardened Web servers to detect and thwart unauthorized access.
- Compare historical entries to data records - When was the last comparison of historical entry to data records. Please provide documentation of that sampling.
Sample dates:
- March 18, 2020
- June 22, 2020
- September 18, 2020
- December 18, 2020
Sampling details are not provided to third parties per security policy.
- Back up verification records that provide recorded times and dates - What was the date and time of the last system back up and provide documentation of that back up.
The last backup occurred on 12/10/19. Below is a screenshot of the most recent backups:
- Adequate Protections against software viruses and hacking/phishing - Were there any hacking and phishing attempts and were they successful?
Yes, there have been many hacking attempts detected and thwarted by the Web server's firewall. We historically see these hacking attempts to access the SQL Server database. To the best of our knowledge, there have been no successful infiltration to date.