Safety Management System Data Security

NWDS places top priority on protecting the privacy and security of all airline safety data.

Safety Management System Data Center Used by SMS Pro

Physical Data Security

NWDS hosts all SMS Pro data in a secure data center which is SAS 70 Type II certified. The data center includes:

  • 24/7/365 staffing;
  • Monitored access through a multi-level security system;
  • Leading-edge fire protection and climate control systems;
  • N+1 fully redundant power and HVAC;
  • Four local SONET fibers providing redundant, carrier-neutral fiber access;
  • Redundant Tier 1 internet bandwidth with fully redundant, carrier-class Cisco core routing and switching.

Only authorized NWDS personnel are allowed to access NWDS servers.

Data Backups and Backup Storage Security

All data on SMS Pro servers are backed up on site at the data center's Web servers and moved to an off-site server on a daily basis during non-peak hours. Weekly reviews are conducted to ensure that airline SMS software backups are performing correctly. Thorough disaster recovery tests are conducted on a quarterly basis.

Network Security and Network Monitoring

SMS Pro servers sit behind their own enterprise-grade firewall. The SMS Pro data center personnel and NWDS continuously monitor logs and alerts generated by the firewall. NWDS also continuously monitors the server logs to ensure optimal performance and to capture any unauthorized or suspicious activity. Automated alerts are enabled from SNMP management tools that monitor all critical infrastructure components.

Airline SMS Software Application Security

By default, airline safety data on NWDS servers is not encrypted. By request, airline SMS sites can utilize Secure Sockets Layer (SSL) to transmit and encrypt data. There is a performance hit with this configuration.

Each employee at your airline will have a unique username and encrypted password. Each airline has a unique portal ID (and often multiple division IDs) so that airlines are unable to access the data of other airlines. Your airline SMS Admin can configure permissions for each user and airline SMS role. NWDS can view detailed audit logs of all airline SMS user activity.

NWDS staff continuously monitor and log airline SMS portal activity for unauthorized or suspicious activity. NWDS security procedures and protocols are not available for review by airline clients because this review opens potential security holes.

Privacy of Data

All airline safety data remains confidential and NWDS will not disclose any data to third parties without the prior written consent of your airline management. The SMS Pro "Agreement for Services" includes this clause.

Uptime

SMS Pro has a minimum 99.5% uptime guarantee, not including scheduled maintenance to servers hosting the aviation safety management software. NWDS notifies airlines of scheduled maintenance in advance and performs scheduled maintenance in non-peak hours. Scheduled maintenance averages 4-6 hours a quarter, which may include upgrades to the safety management system software.

Certified SAS 70 Type II

SAS 70 Type 2

SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 Audit means that a service organization has been through an in-depth audit of their control objectives and control activities.

NIST Certified Datacenters

Our datacenters have implemented NIST’s set of baseline security controls, documentation requirements, and Federal Information System Controls Audit Manual (FISCAM) control audit methodologies.

HIPAA Certified Datacenters

The Health Insurance Portability and Accountability Act (HIPAA) was created by the federal government to protect patients’ private information.

SSAE 16 Certified

SSAE 16

The Statement on Standards for Attestation Engagements (SSAE) No. 16 enhances the SAS 70 standard, which governs controls at a service organization. Our datacenters have undergone SSAE 16 audits to keep up to date with new international standards.

PCI DSS Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is designed to ensure that companies which process, store, or transmit credit card information document and maintain a secure environment.