
Our commitment is to meet and exceed the stringent technical specifications our government customers require

You take the security and protection of your information seriously, and so should we. That’s why City Innovate builds our software, support, and operations based on stringent NIST 800-53 Moderate level security controls with active programs to achieve authorizations in StateRAMP, FedRAMP, certification in HITRUST, and audits for SOC-2.

While most companies host application data in standard commercial data centers, City Innovate stores your data in AWS GovCloud data centers, which meet the highest Federal, Military, and DoD standards for data protection, business continuity, disaster recovery, infrastructure control, and physical security.

Our Commitment to Security

How We Protect Your Data

All of the information that we transmit and store is encrypted using advanced algorithms that meet or exceed FIPS 140-2 standards – the bar that the Federal Government uses to approve cryptographic modules for their use.

Access to your data is strictly controlled by you, through our innovative organization, project, document, and even section-level role-based access control (RBAC) model.

All of your data is securely replicated to multiple data centers, which allows us to quickly enact point-in-time recovery when a disaster or security incident occurs.

Security and encryption keys are always kept in hardware security module (HSM)-based Key Management Services that also meet NIST and FIPS 140-2 controls.

Your Identity, Your Control

City Innovate connects with your Identity Provider (IdP) in Azure Active Directory (Entra) so that you can control the password policy, multi-factor authentication requirements and provide seamless onboarding/offboarding controls to meet your own security requirements.

Our enterprise solution can also optionally provide non-Active Directory username/password accounts when you need external collaborators outside of your organization. These accounts are always under your control and can be removed at any time.

Always Your Data, Defended

Your data is always immediately accessible and can be exported at any time. In the event of contract termination, we will delete all copies of your data after 60 days.

We will never use your data without your agreement. And when we have your agreement, your data is only used for support purposes. City Innovate defends your data using well established policies designed to quickly handle incidents or vulnerabilities.

Preventing Intrusion

City Innovate’s production systems are surrounded by Intrusion Detection and Prevention systems, including advanced Web Application Firewalls and Secure Network Routing. We employ the principle of least privilege for all systems and infrastructure, so that access is tightly controlled and granted only when needed.

Our continuous monitoring and Security Information and Event Management (SIEM) systems provide 24×7 protection against malicious behavior – such as data breaches, external attacks, or ransomware.

Hiring Securely

We hire US-based employees and contractors after a complete set of criminal, education, and employment background checks in line with the federal requirements to ensure you can trust our team. Every individual undergoes security awareness training and accepts all of our information security policies.

Security Features

AWS GovCloud

City Innovate partners with AWS GovCloud for secure cloud solutions, to give our government customers the flexibility to architect secure cloud solutions that comply with the FedRAMP High baseline; the DOJ’s Criminal Justice Information Systems (CJIS) Security Policy; U.S. International Traffic in Arms Regulations (ITAR); Export Administration Regulations (EAR); Department of Defense (DoD) Cloud Computing Security Requirements Guide (SRG) for Impact Levels 2, 4 and 5; FIPS 140-2; IRS-1075; and other compliance regimes.

AWS GovCloud is operated by employees who are U.S. citizens on U.S. soil. AWS GovCloud (US) is only accessible to U.S. entities and root account holders who pass a screening process.

System Security Plan

As required by NIST-171, a System Security Plan (SSP) is available upon request.

Systems Architecture

City Innovate is hosted within the AWS GovCloud regions in the United States. AWS GovCloud (US) is FedRAMP High, DoD IL2, 4, 5 and only allows access to US citizens.

Authentication/SSO

The City Innovate platform can integrate with your agency’s Azure Active Directory Single Sign On or through our application authentication. Application authentication uses credentials that meet NIST standards and are one-way hashed per the OWASP recommendations.

Technology Recovery Plan

As required by the California State Administration Manual (SAM), CI maintains a Technology Recovery Plan (TRP) that is available upon request.

System Availability and SLAs

The City Innovate platform and APIs utilize redundant data centers and redundant servers to provide maximum uptime for our customers. Our published availability is 99.9% and we have exceeded this target for the last year.

Failure and Backup

City Innovate has designed failover to support several scenarios:

  • Datacenter loss – in the event of a datacenter loss, a redundant datacenter will immediately take over with minimal service interruption.
  • Database loss – if a database becomes unavailable and cannot fail over to another datacenter, then the most recent backups will be utilized to recover data to a new datacenter. AWS RDS offers continuous backup and point-in-time recovery (PITR). Additionally, snapshots are taken every 30 mins and retained for 7 years.
  • Image storage loss – images are stored on a system that provides 99.999999999% durability.