UPDATE July 2022: OMTI is SOC 2 compliant.
Security is always important when dealing with sensitive and critical information, which describes much of what court reporting and other legal support businesses handle. A few RB9 security points to know:
You can turn on two-factor authentication (2FA) for users logging in to RB9 and RB Connect. 2FA is a more secure way to confirm a user’s identity: in addition to signing in with a user name and password, the user supplies a second factor, such as a code sent to their cell phone that they must enter on the log-in page.
You can also require that users have complex passwords and that they update them periodically. You determine the length of time before they must update their password and whether they can keep using the same password.
To be compliant with general security rules for business applications, automatic log-off is enforced in RB9. Following the industry standard, you are automatically logged out of RB9 after 20 minutes of inactivity.
At the end of a period of inactivity, you receive an alert that lets you extend your time before being automatically logged off, just like on banking sites.
You must save your work before logging off. RB9 does not save your work for you before it logs you off.
RB9, like RB8 Cloud, is housed in the cloud on Microsoft Azure’s Cloud Services. In addition to a guaranteed 99.9% uptime, it benefits from Microsoft’s dedicated resources and processes that guarantee the security and privacy of data on Azure, including HIPAA certification and following international standards for privacy controls in the cloud. These safeguards are beyond what a single court reporting agency could provide.
RB9 is more secure than an in-house system in other ways, such as open port security: If you’re trying to log into RB9 remotely without a secure connection, you do not need to keep the well-known default SQL port open; nor do you need to keep any custom ports open for RB Repository downloads. (And that’s one less thing you need IT to do.)
Your info remains confidential
You maintain control of your files. We do not host files on our own servers; your files reside on Microsoft Azure’s Cloud Services. Your client/case/job information remains confidential.
Better than backup
With your RB data and repository files on Microsoft Azure’s Cloud Services, you no longer need a back-up system. Data is mirrored between servers in different locations, so even if one server were to go down, another server would be accessed immediately with no interruption in service and no lost data. Repository files are protected similarly, with duplicates stored in several locations.
- RB9 stores passwords using the secure hash algorithm SHA-512, so no one can decrypt the password.
- RB9 only allows access via TLS 1.1/1.2. Older protocols such as SSL and TLS 1.0, which are outdated and vulnerable, cannot be used to access RB9 or RB Lite.
- RB9 stores sensitive data, such as birthdays, SSN, and Tax ID, using the AES 256-bit algorithm. The symmetric key is stored in SQL Server, and its password is managed by OMTI. This means if someone steals the data, they cannot decrypt the data even if they know the password.
- The SQL Server cannot be accessed from other locations. Only our web server can access it.
- RB Connect uses SSL with 2048-bit signatures and 256-bit encryption.
- RB Connect only allows access via TLS 1.1/1.2. Older protocols such as SSL and TLS 1.0, which are outdated and vulnerable, cannot be used to access RB Connect.
- Like RB9, RB Connect uses the Microsoft Azure platform. Azure is HIPAA, TRUSTe, PCI DSS, and NERC CIP compliant.
- In RB9 and RB Connect, optional two-factor authentication (2FA) sign-in sends a code to the user’s cell phone or email address for an extra layer of security when logging in.