Will this system/application be hosted in the cloud? Is there an option to host on-premise? If both options are available, which option is preferred and why?

What percentage of your customers are using your hosted services?

All Customers our using our Microsoft AZURE GOV Cloud Servers

Are you willing to have contract defined SLAs with associated financial penalties? What are the terms?

We do not offer financial penalties. Maintenance windows are done to ensure the platform provides stability.

Does this system require the internet to function? Is there an option to work offline/sync?

Yes. No offline function available.

What are the specific network requirements for this application to function properly?

Up to date web browsers ie. (chrome, firefox, edge etc.) Working internet connection

Please describe the backup process, frequency, and approximate amount of time required to complete and approximate bandwidth required.

Redundant backups occur every 24 hours. These are done on the back end through Azure

Is there a client component? How is it installed? If it is a web application, are there additional components required?

No additional Components Required

Is there a mobile component? Describe the technical requirements to use this feature.

Our software products are mobile friendly and will flex to tablet and smart phone devices.

Is Azure Active Directory, Active Directory and/or Single-Sign On (SSO) supported? Please describe.

No Active Directory or SSO supported at this time. We will be implementing in 2022

Can users reset their own passwords or is an admin required to reset it? Describe this process. Is the password field masked?

Users may reset. Yes

How are users granted access to software functionality? Is it based upon the principle of least privilege?

User level permissions set up by admin

Are terminated user accounts disabled or deleted?

Optional

How will our production and disaster recovery (DR) environments be isolated from other hosted customers?

With data stored in multiple locations, the redundancy of information stored helps to ensure that data will not be lost or effected. The service has a disaster recovery plan to restore services via backups to a cold site

Will our data be encrypted at rest and/or in transit and how?

Both

What encryption is used at rest? Please describe.

FIPS 140-2 validation

Will the city maintain ownership of the data? What is the format of the retrieved data and the process for requesting a copy?

Yes. We allow a grace period of exporting / reporting data or we may export into spreadsheet

Does your organization have a dedicated resource assigned to Information Security (Cybersecurity)?

Yes

Describe the remediation process of identified vulnerabilities.

Frontline has a server maintenance managed services contract with a third party company that monitors and identifies vulnerabilities.

Does your organization apply security patches on a regular basis? If so, please describe your patching cadence.

We follow the Microsoft Azure Patching Frequency Best Practices

Does your organization have an Incident Response policy/plan?

Yes

What data do you log and what is the retention period of that log information? (Attach detail if necessary)

Data logged is congruent with information entered by user. All data is stored indefinitely unless otherwise deleted by administrator

If the application is hosted, is the application monitored for cyber-attacks such as, but not limited to, brute-force attacks, SQL injection, et al?

Yes

Do you have a Disaster Recovery (DR) plan? How do you exercise it?

How do you exercise it? Much like the failover plan, the disaster recovery follows the same process. Our standby/backup servers will be accessed from a manual DNS change. Once the original production servers are updated and back to working order, the DNS will be changed back to original server set-up.

Define what you constitute as an outage and describe the recovery point and recovery time objectives as defined in the contract.

An outage is defined as downtown not controlled by Frontline due to server updates, maintenance etc. We have 24/7 monitoring of our products and alerted within seconds of downtime. Our services team is pinged simultaneously and strive to get the site bask up as soon as possible.

How do you ensure redundancy in your hardware, network and external communication paths?

We have redundant servers for production sites and databases designed for load balancing, as well as a backup server in an alternate location. In the event of a major issue, we will point the sites to the back-up server and update DNS records immediately.

How are backups accessed/restored? What is the process to request a backup and what is the time frame for restoring the information?

Request a backup of your data in writing and submit to Frontline support team. Your requested back up data will be provided within 48 hours of request.

What is your defined failover process and procedures?

In the event of a failover, our standby/backup servers will be accessed from a manual DNS change. Once the original production servers are updated and back to working order, the DNS will be changed back to original server set-up.

Attach a Copy of your Service Level Agreement (SLA). This should include: warranties, expected service level uptime, response time, disclaimers and limitations of liability, provisions if you cannot meet your stated service levels, your support hours of operation.

The hosted SLA for the service is 99.9%. There are no inherited warranties and it is provide as-is, unless otherwise written into your service contract.

What regulatory requirements do you meet? (Basel 11, SOX, PCI, SAS70, 15027001 HIPPA)

There is no federal regulatory compliance needed for the data stored, but this does not stop us from using the high standards of regulatory compliance. Some of these include: SOC 1, SOC 2, SOC 3, NIST 800-171, NIST CSF, HIPAA (US) and many more. These are inherited compliance from our MS Azure Government hosting provider.

Read more about Azure compliance from Microsoft Azure at their website: ( https://docs.microsoft.com/en-us/azure/compliance/ )

Provide summary audit Reports for services, 3rd party processes, and/or data centers: including Vulnerability scan – penetration test results/remediation, PCI, HIPAA, ISO certification reports

Audit reports can be seen from our hosting provider of Microsoft Azure Government at https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3 .

We do no prove audit reports for any of the SaaS software product directly. Any penetration test and remediation plans are considered sensitive data and are only used for internal company use.

How do customers obtain verification/summary of future Audit reports?

Future audit reports of our hosting provider can be obtained directly from Microsoft at: https://servicetrust.microsoft.com/ViewPage/MSComplianceGuideV3

If you are needing to review/report on any of the audit document for your own records and need help navigating the reports, you can learn more about the Microsoft trust portal for these services at the getting started with service trust portal help article at: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-worldwide

FAQ's

Read Most
Frequent Questions

Our Support Team
will Always Assist You 24/7

Ethan Laird

Heather Berg

Tiffany Fritz

NEED A DEMO / QUOTE?