Security Compliance

All information contained in this section was provided by APX (the registry service provider) through electronic mail and was received by ERS on August 16 2023, as part of the contractual relationship between the companies.

SOC2

The registry technology provider has been SOC2 certified since 2018 and recently concluded its 2022 audit. The audit affirms that they conform to Trust Services Principles and Criteria for Security, Availability and Processing Integrity by the American Institute of Certified Public Accountants (AICPA). The completion of this audit provides additional assurance that the technology provider designs and implements services according to the highest standards to protect the availability of the ERS Registry, and execution of internal processes.

MAINTENANCE OF SOFTWARE AND HARDWARE

  1. The registry technology provider utilises rich web-based client technology, working on Angular UI framework and Java mid-tier server application and associated services, leveraging Azure-hosted replicated SQL Server databases to provide a robust underlying data service. This ensures high-speed storage that permits the retention of multiple years of transaction-level historical data online and includes: 
    1. Fully redundant data centre locations in geographically separated regions of the United States;
    2. Fully redundant network infrastructures in each data centre location and Operations facility;
    3. Data replication between the data centres and off-site backup of the database; 
    4. Off-site operations facilities to handle the program in the event that the primary Operations facility cannot be used. This includes workstations, network access, and automated phone rerouting.

DISASTER RECOVERY

  1. The system must be backed up for two types of failures: 
    1. Loss of the hardware due to damage;
    2. Data loss or data corruption. 
  2. For “loss of hardware,” the “image” backup method is used. The “image” allows the operating system to be re-constructed in a short period of time once the damaged hardware has been repaired.
  3. For “data loss or data corruption,” the provider electronically places multiple copies of the database backup across geographically distributed storage. This allows the provider to retrieve and, if necessary, restore the data to the same or different hardware.
  4. Ad-hoc backups (archives) of the databases are a normal course of operation for the registry. This is currently employed by the registry technology provider in their database operations and is executed as required. The archived backups are stored using the previously described redundant, geographically distributed storage. 
  5. Recovery of the Operating System, Application, or Database must use existing procedures which include some of the following: 
    1. Reload of the database from a known recovery point using the “backed up” copy of the database.
    2. Reload of the database to a known recovery point using the database transaction logs applied to the restored database created from a “backed up” copy.
    3. Reload of the database on the existing production system or test system available as part of our SaaS services.
  6. Backups are maintained for a minimum of two (2) weeks.

NETWORK SECURITY

The registry technology provider data centres are protected using industry-standard equipment and access methods, including firewalls and other associated networking infrastructure with fine-grained policies defining exactly which traffic is allowed into and out of the servers, both from internal services and from the public internet. Their Network Security Group model allows the provider to ensure that only traffic appropriate for their applications is allowed into the environment. Events related to the networking and application infrastructure are recorded to a central console that must be monitored 24 hours a day by dedicated security staff, who must review reported events of excessive login failures and report those events to the appropriate staff.

SERVER SECURITY

Server systems are deployed with fine-grained access policies. Direct access to the servers is only allowed for approved personnel responsible for the administration of infrastructure. Personnel access to the servers is only allowed from the registry technology provider’s Corporate network. There is no direct access to the servers from the internet. Servers have anti-virus and file system monitoring utilities that report events to a central console monitored by the 24-hour operations group and IT security staff. Login/authentication events are recorded and available for review. Backup of each server’s operating system is taken to allow for the quick restoration of a server in the unlikely condition that the system becomes unavailable.

DATABASE SECURITY

  1. The database configuration must be performed to allow appropriate access to records depending on the individual’s roles/privileges: 
    1. Users are only able to access and modify the records appropriate for their function.
    2. The Administrator is only able to access and modify the records appropriate for their function.
    3. Staff responsible for the maintenance of the system have only the minimum level of access to the database needed to complete their job function.
    4. Database administrators have full access to the database records. This is required for them to fulfil their job function.
    5. IT staff have no access to the system database.
    6. Access to the database is available to the regular application users and application users with Administrator roles solely via the application user interface. Such users are not allowed direct access to the database.
  2. Under no circumstances can direct access to the database occur directly from the internet. 

APPLICATION SECURITY

Access to application features is based on the Account and privileges granted to the authenticated user. The login name and password must be used to authenticate each user. Multi-factor authentication is also available. Each user is assigned a role. The role grants the user access to a set of modules and also dictates specific data records that the user is entitled to have access to. Each module provides a set of functions that enables the user to accomplish a task or set of tasks. Each attempt at login, success or failure, is recorded in the system log for review by the System Administrator login role.

END-USER SECURITY

  1. Access to the Registries is done via SSL/HTTPS-secured communication. Individual users are challenged for their unique username and password in order to access the application. Additionally, multi-factor authentication is available if desired. After the username and password are authenticated and the second-factor authentication is completed, the user gains access to the application’s home page. To protect password integrity, passwords are required to adhere to the following rules: 8 to 16 characters in length; at least one lower case character, at least one upper case character, at least one digit, and at least one special character.
  2. To ensure compliance with security provisions, ERS regularly audits and evaluates the security measures in place within the registry. The specific protocols and processes are as follows:
    1. Security and Provisions for Regular Security Audits: ERS conducts periodic security audits or evaluations to assess the effectiveness of security provisions.
    2. Clarification: The nature of the audit or evaluation may encompass both ERS's auditing of the registry provider's security processes and protocols and the verification of evidence regarding the registry provider's security practices. The exact scope and details of the audit are determined based on the specific requirements and standards.
  3. These provisions highlight ERS' commitment to preventing conflicts of interest, addressing them when they arise, and ensuring compliance with security provisions through regular audits and evaluations. These measures seek to maintain the integrity, transparency, and security of the ERS Registry.
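The password rules stated in item 1 above, implemented as a server-side policy check; this is an added example, not code from the registry provider. The page does not define "special character", so this example treats ASCII punctuation as special (an assumption).

```python
import string

# Policy exactly as stated on the page: 8 to 16 characters, with at least one
# lower case character, one upper case character, one digit and one special character.
MIN_LEN, MAX_LEN = 8, 16
LOWER = set(string.ascii_lowercase)
UPPER = set(string.ascii_uppercase)
DIGITS = set(string.digits)
# Assumption: "special character" means ASCII punctuation; the page does not define it.
SPECIAL = set(string.punctuation)


def check_password(pw: str) -> list[str]:
    """Return every policy violation found; an empty list means the password is compliant.

    Reporting all violations at once (rather than stopping at the first) lets the
    application show the user a complete list of what must change.
    """
    problems = []
    if not (MIN_LEN <= len(pw) <= MAX_LEN):
        problems.append(f"length must be {MIN_LEN} to {MAX_LEN} characters (got {len(pw)})")
    chars = set(pw)
    if not chars & LOWER:
        problems.append("missing lower case character")
    if not chars & UPPER:
        problems.append("missing upper case character")
    if not chars & DIGITS:
        problems.append("missing digit")
    if not chars & SPECIAL:
        problems.append("missing special character")
    return problems


def is_compliant(pw: str) -> bool:
    """True only when the password satisfies every rule on the page."""
    return not check_password(pw)


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["Tr0ub4dor&3", "abcdefgh", "Abcdefghijklmnop1!"]:
        print(candidate, "->", check_password(candidate) or "compliant")
```

The check must run on the server, since any client-side validation can be bypassed.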

DATA BREACH

In the event of a data breach identified by ERS or by the Registry’s host APX, ERS must notify, via email and within forty-eight hours of notice, all impacted Registry account holders and the relevant Accreditation Body Secretariats, such as the ICAO Secretariat.

ERS shall keep all impacted parties up to date on the progress of the breach investigation by providing regular email updates until the matter is resolved.
