Protecting the confidentiality and integrity of our customer’s data is of the utmost importance to Datalliance. We have adopted a multilayered security approach to prevent the unauthorized release of confidential information.
The Operations and Development Managers are responsible for the overall Information Security and Risk Management strategies. The managers delegate implementation and deployment of security patches to the appropriate network, client systems, and application specialists as necessary. The Datalliance Platform is SOC 2 compliant.
Customer Network Access
All remote access to production resources is over the Internet. We do not require that the customer host any shared resources (E.G., FTP sites) on their network. All access to sensitive Datalliance resources (application interface, file exchange) is restricted by source, destination, protocol, and role. We require that the customer supply static IP addresses for all client systems that will access Datalliance resources.
Customer Data Security
Each customer’s data resides on its own instance. There is a single database in that instance, and all information in that database is specific to a single customer.
Access to the application interface is restricted by username and password. Account creation requires signed, management-level approval by the customer. Standard password complexity and aging requirements are in effect.
Web Application Security
The application interface is only available via HTTPS. All pages in the application interface have been engineered with a single toolkit. This provides uniformity throughout the application regarding security, coding standards, and access.
We use proven technology to validate the information that is available via the URL line, and software languages that help us minimize the risk of software disruption, such as buffer overflow attacks. We run all code in a mode that prohibits writing to or reading from sensitive operating system files.
Over time, a number of security reviews and audits have been conducted on Datalliance services by third parties, including web application penetration tests and industry standard service controls assessments.
When considering new suppliers, VMI is very high on our list. Suppliers that have VMI programs are easier to do business with, more cost effective, more accurate, and we are more likely to grow our business with them over time as we are better able to serve our customers.
Daryle Settles Vice President, Weldon Parts, Inc.
Through our partnership with Datalliance, we've realized a reduction in required IT resources...The software-as-a-service approach means we do not have to deal with all of the EDI, hardware, and software issues of a typical VMI platform. In the end, Datalliance has the people, experience and processes to make it happen.
Matt Weigle Information Technology Manager, Ward Manufacturing
Datalliance VMI is a complete service, much more than just a computer system. The people aspect of the Datalliance service is what really sets it apart. Datalliance support people are extremely responsive to requests, professional, personable and very knowledgeable.
Lisa Taranto S&OP Business Analyst, Berk-Tek