FMAudit Central Application
FMAudit Central functionality is accessible via a web-based user interface.
Permissions based User Management
Access to the FMAudit Central web console is controlled with permissions-based user management. Users must log in to Central using a designated username and password. Users are assigned one or more roles which specify permissions and are granted access to one or more groups of devices. Administrators will full permissions can specify exactly which screens each user can view and/or interact with.
HTTPS access
The website can be accessed using HTTPS via port 443 provided that the web server is installed with a valid SSL security certificate. Optionally, FMAudit Central Administrators can require users that access the website using HTTPS by redirecting the HTTP version of the website. We recommended all sites to use HTTPS as it ensures encryption of data being transferred over the Internet.
FMAudit Side-By-Side
FMAudit Central utilizes a Model Attributes Database termed as Side-by-Side, which contains various model attributes as printing speeds, when was introduced on the market or OEM Part Numbers compatibilities, which is periodically updated as future models and versions are released by OEMs. FMAudit Central will communicate with Side-by-Side to check for new updates as well as retrieve device attributes to cache them locally on each FMAudit Central system.
1.6 Hosting
FMAudit Central is able to be hosted by ECi Software Solutions within secure and protected datacenters within the US and the UK as well as hosted on premise based upon the needs of the dealer or reseller. ECi Software Solutions understands that the confidentiality, integrity, and availability of our customers’ information is vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems, and processes, to meet the growing demands and challenges of security.
1.7 Secure Data Centers
Our service is collocated in dedicated spaces at top-tier data centers. These facilities provide carrier-level support, including:
Access control and physical security
- 24-hour manned security, including foot patrols and perimeter inspections
- Biometric scanning for access
- Dedicated concrete-walled Data Center rooms
- Computing equipment in access-controlled steel cages
- Video surveillance throughout facility and perimeter
- Building engineered for local seismic, storm, and flood risks
- Tracking of asset removal16
Environmental controls
- Humidity and temperature control
- Redundant (N+1) cooling system
Power
- Underground utility power feed
- Redundant (N+1) CPS/UPS systems
- Redundant power distribution units (PDUs)
- Redundant (N+1) diesel generators with on-site diesel fuel storage
Network
- Concrete vaults for fiber entry
- Redundant internal networks
- Network neutral; connects to all major carriers and located near major Internet hubs
- High bandwidth capacity
Fire detection and suppression
- VESDA (very early smoke detection apparatus)
- Dual-alarmed, dual-interlock, multi-zone, pre-action dry pipe water-based fire suppression
Network protection
- Perimeter firewalls and edge routers block unused protocols
- Internal firewalls segregate traffic between the application and database tiers
- Intrusion detection sensors throughout the internal network report events to a security event management system for logging, alerts, and reports
- A third-party service provider continuously scans the network externally and alerts changes in baseline configuration
Backups
- All data are backed up to tape at each data center, on a rotating schedule of incremental and full backups
- Tapes are not transported offsite and are securely destroyed when retired
1.8 Version Management
Testing and Release Process
Each major and minor release of the software goes through a quality control process, in which multiple FMAudit personnel will regression test altered portions of the system to ensure there has not been a downgrade in security or functionality of the system, as well as validate the new functional aspects. Major releases go through a beta release process where select clients run the new and old systems in parallel.
Source Code Security
FMAudit source code is kept in a secured revision control system, accessible only to authorized persons. Every change to the source code is tracked, which includes which developer made the change and why. Products are encrypted and digitally signed with a code-signing certificate before shipping. An escrow deposit can be made available based on request.