2022 FAA Certified Electronic Record Keeping System Audit

Filled out by Roman Mikheev on 1/25/23

  1. Protection of Confidential Information to insure Individual privacy - What steps were taken to protect confidential information to ensure individual privacy.

    Users are not permitted direct access to the secured SQL Server database. They must access data via the Web application which uses Microsoft's Role Provider to manage security. Therefore, database security is managed on the application level. When the Web application requires database access, it must provide credentials to login to the SQL Server database. Web traffic for the Web application is encrypted for both sending and retrieving data.

  2. Secure from unauthorized events / access - Were there any unauthorized events or access during the period in question?

    No unauthorized events or access detected.

  3. Checks of the quality, integrity and accuracy of the system to ensure that records cannot be altered in an unauthorized way - What checks of the SMS Pro system to ensure quality, integrity and accuracy of the system to ensure records cannot be altered in an unauthorized way.

    NWDS routinely restores backups of the system to perform internal diagnostics and analyze performance opportunities. This happens at a minimum of once each quarter.

  4. Authenticity and Prevention of Unauthorized Access or Data Corruption - Is there any record of authorized access or data corruption? What prevented those attempts?

    No unauthorized events or access detected. NWDS uses the latest technologies on hardened Web servers to detect and thwart unauthorized access.

  5. Compare historical entries to data records - When was the last comparison of historical entry to data records. Please provide documentation of that sampling.

    Sample dates:

    • March 15, 2022
    • June 21, 2022
    • September 20, 2022
    • December 20, 2022

    Sampling details are not provided to third parties per security policy.

  6. Back up verification records that provide recorded times and dates - What was the date and time of the last system back up and provide documentation of that back up.

    The last backup occurred on 1/25/23. Below is a screenshot of the most recent backups (note dates in file names):

  7. Adequate Protections against software viruses and hacking/phishing - Were there any hacking and phishing attempts and were they successful?

    Yes, there have been many hacking attempts detected and thwarted by the Web server's firewall. We historically see these hacking attempts to access the SQL Server database. To the best of our knowledge, there have been no successful infiltrations in 2022.