Navitent provides Amazon Web Services (AWS) cloud-based services that deliver positive social change through collaboration and coordinated action. Solutions are available in either Software as a Service (SaaS) form, or as Platform as a Service (PaaS) for Enterprise clients.
Facilities
Navitent's solution infrastructure is secured by Amazon's world-class, ISO27001 certified facilities and services. Amazon provides physical and data security for the data centres and cloud infrastructure.
Further information on Amazon data center security can be found here.
Compliance
A list of Amazon's broad set of security compliance reports can be found here. Among these are the SOC 3 report on Security, Availability & Confidentiality (pdf) and ISO 27001 certification (PDF).
Navitent's solution has been carefully designed to be fully HIPAA-compliant, and able to host electronic health information.
Application Services
Amazon provides and supports a wide suite of application services used by the Navitent solutions. More information about Amazon AWS Cloud Security can be found here.
Navitent's non-production environments are protected to the same high security standards as production environments.
Access Control
Only members of Navitent's Engineering Team with a role-based need have access to the production environment for the purposes of maintaining cloud services. We audit and monitor all access to cloud services in all environments.
All IAM accounts are role-based with permissions granted based on the principle of least privilege.
Customers that perform their own user administration for customized solutions are responsible for maintaining the security of their own users, roles, and permissions.
Data Encryption, Storage and Retention
Data at rest in the Navitent Assessment cloud is encrypted based on current industry standards. Data in transport within the Navitent AWS Cloud is protected with HTTPS/TLS. Data access from outside of the AWS Cloud (e.g., web, web services) is encrypted with HTTPS/TLS.
Navitent SaaS services have a multi-tenant model where some components, services, and codebases are shared between customers. Each SaaS customer’s data is logically separated from all other customers’ data: each customer can only access its own data.
Each PaaS customer's data is stored in independent, separate databases.
Monitoring
Navitent leverages the power of AWS security services including CloudTrail and CloudWatch Alarm to constantly monitor customized application services and to achieve 24/7 observability.
Backup and Disaster Recovery
Data is backed up in encrypted form, and the disaster recovery plan is tested on a regular basis.
Privacy
Navitent understands the importance of privacy and is committed to protecting your personally identifiable information. Navitent is built from the ground up respecting privacy by design, with encryption, access control, and audit logging. For more information, please see our Privacy Policy.