One of the most important requirements of the FirstReport Online™ application is data security. The information stored in the application is of a potentially sensitive nature and the privacy of that information must be maintained.

Whenever you request a page, your IP address, browser and version, operating system and the site you came from are stored in a log file. This information cannot be used to identify a specific individual. This information is only used for statistical purposes to help improve this site. We never attempt to track your surfing habits off this site.

We do collect contact information from visitors who voluntarily fill out forms to request access to the free online demo or make other requests. This information will not be shared or sold to any other organization. We may attempt to contact visitors who voluntarily provide their email address or other contact information.

Any email we send that is not a direct response to a request will contain clear instructions how the recipient can "opt-out" of future mailings.

Please contact us if you have questions or concerns about this privacy policy.
 

Security in the FirstReport Online™ Application One of the most important requirements of the FirstReport Online™ application is data security. The information stored in the application is of a potentially sensitive nature and the privacy of that information must be maintained. In order to achieve a high level of security in an Internet application, the following security features are provided:

Operating System Security

The FirstReport Online™ application is hosted on a Windows® 2000 Server under a contract agreement with the web hosting division of Dell® Computer Corporation. Direct access to the computer is controlled through the user logon accounts maintained by Windows 2000. Only a very limited number of logon accounts have direct access to the computer in order to maintain the computer and the FirstReport Online™ application. In addition, as part of the hosting service, Dell® continuously monitors the network traffic on the server to prevent unauthorized access. All other access to the computer is through the Internet server (Internet Information Server version 5). Internet security is discussed below.

Database Security

The data for the FirstReport Online™ application is maintained in a Microsoft SQL Server® (version 7) database which adds another level of security by implementing a second set of logon accounts required to access the information in the database. Access to the database information via the Internet application is accomplished entirely through stored procedures and the logon accounts used in the Internet application can only execute these stored procedures. There is no direct access to the underlying data tables. Each Internet user must go through the stored procedures to access the data. To get to the stored procedures, the user must go through the data access components of the FirstReport Online™ application as discussed below.

Application Security

The FirstReport Online™ application was developed using a technology from Microsoft called a webclass. A webclass is a compiled dynamic link library file (dll) which performs the same functions as Active Server Pages (asp). An active server page uses interpreted script language to perform a prescribed set of functions. Because it is interpreted script, the active server page contains actual source code which can easily be deciphered if the active server page can be obtained from the web server. Active server pages are physically located on the web server with other html files and are therefore potentially exposed via the Internet connection. The webclass on the other hand is a compiled dll component that is not physically located within the web server folders. Because the webclass is compiled (i.e. no source code available) and is not exposed through the web server, it is more secure.

Within the FirstReport Online™ application, a separate set of logon accounts is maintained for users who access the application over the internet. Each employer account created in the application is assigned an access key. Every entity created within the database (i.e. users, locations, departments, employees, incident records, etc.) under this employer account is assigned a unique access key which is derived from the master key assigned to the employer. The access key which is assigned to each individual user of the application is used to select the records within the database that the user can access. This prevents users from different employers being able to access each other's records. Within a given employer account, these keys also prevent users from different departments and locations from seeing each other's records. The application utilizes multiple redundant checks of the user's access key to prevent them from accessing data they are not authorized to see.

Like any other password based security system, the effectiveness of the system is dependent on the users properly protecting their logon account information; however, the effects of poorly maintained logon accounts is isolated on an employer basis. In other words, if one employer allows their logon accounts to be compromised, it will not affect any other employer accounts because the access keys prevent data access between employer accounts.

Because the userID and password used to secure the application are transmitted over the Internet, these transmissions must be accomplished in a secure manner. Internet security is discussed below.

Internet Security

Internet security protects information as it is being transmitted over the Internet. The FirstReport Online™ application provides Internet security through the use of digital encryption. The web server utilizes digital encryption certificate services. This is the same technology used to provide secure Internet communications with online merchants and financial institutions. Each transmittal of information uses a public/private key form of data encryption that scrambles the information being transmitted. The receiving end computer can then use the encryption key to unscramble the information.