SilkRoad Security

SECURING YOUR VALUABLE DATA


SilkRoad technology provides a secure, reliable and resilient cloud-based platform for hosting enterprise applications and business services.  This system has been designed from the ground up by the SilkRoad staff based on best practice recommendations for hardware, software, security, and networking.

C.I.A. Principle
SilkRoad technology designs its security based upon the concepts of the C.I.A. Principle of Information Security:  Confidentiality, Integrity, and Availability.

Confidentiality - Your Cloud Provider must ensure that sensitive information is not disclosed to unauthorised recipients.

Integrity - Your Cloud Provider must ensure that your information can only be changed in a specified and authorised manner; i.e., ensuring data remains consistent and changes to data are authorised by appropriate personnel.

Availability - Your Cloud Provider must ensure that systems operate as required and authorised users are not denied service.  Customers must be able to access their systems and information when they need it.

A Multi-Layered Approach to Security
SilkRoad technology utilises numerous methods to ensure the highest level of confidentiality, integrity, and availability for our customers' data: physical infrastructure designed to keep hackers out, application design using accepted best coding practices, high-level monitoring, redundancy at all points, and policies, standards, and procedures based on the ISO 27000 series.

To ensure the highest levels of security for our customers, SilkRoad has undergone annual SAS 70 Type II audits, having successfully completed these important evaluations each year.  SilkRoad will continue to perform these annual audits, including the SAS 70 replacement, SSAE-16, a security audit based upon the COSO framework.

Compliance
SilkRoad technology's Security Management team continually monitors new threats and vulnerabilities, as well as all relevant laws and regulations regarding data security and data privacy.  Among the areas of compliance:

* Massachusetts Data Privacy Law 201 CMR 17.00
This law is considered the most stringent in the United States, dictating that all Personally Identifiable Information (PII) sent over the wire is to be encrypted, and that PII is never to be stored unencrypted on a 'mobile device', defined as laptop computers or removable media such as CDs and jump drives.

* Safe Harbor Certification
SilkRoad technology abides by the Safe Harbor principles regarding the privacy of data for citizens of the European Union.

* HIPAA/HITECH
SilkRoad technology, as a Business Associate of numerous Health Care providers, abides by the requirements of the Privacy Rule and Security Rule as established by the Health Insurance Portability and Accountability Act of 1996, as well as the requirements added by the HITECH Act of 2009.  Compliance is maintained with the Administrative, Physical, and Technical Safeguards specified by the U.S. government.

* Other State Privacy/Notification Laws
SilkRoad technology complies with all applicable state laws concerning data privacy, and the notification of impacted individuals and companies in the event of a security breach.

SUMMARY

The SilkRoad system is designed for the highest levels of reliability, scalability and security.  We have taken great care in designing its hosting environment, selecting its applications, and building its infrastructure.  SilkRoad technology has developed a comprehensive set of security measures and practices to keep the customer's data protected and safe.  Our integration infrastructure is built around user efficiency, and getting the right data to the right application.  SilkRoad's goal is to provide a first-rate application environment, and an unprecedented user experience for its customers.