OMTI application security
The data and files you store in your OMTI applications are safeguarded by methods chosen for their appropriateness and security standards.
- RB9 stores the password using secure hash algorithm SHA-512, so no one can decrypt the password.
- RB9 store sensitive data, such as birthdays, SSN, and Tax ID, using AES 256-bit algorithm. The symmetric key is stored in SQL Server, and its password is managed by OMTI. This means if someone steals the data, they cannot decrypt the data even if they know the password.
- The SQL Server cannot be accessed from other locations. Only our web server can access.
- RB Connect uses an SSL with 2048-bit signatures and 256-bit encryption.
- RB Connect only allows access via TLS 1.1/1.2. Other security protocols, such as SSL, TLS 1.0, which are outdated and vulnerable, cannot access RB Connect.
- RB Connect uses the Microsoft Azure platform. Azure is HIPAA, TRUSTe, PCI DSS, NERC CIP compliant. Additional Azure security info
- More security measures will be applied in the future.
- These applications store sensitive data, such as password, birthdays, SSN, Tax ID, and date of death (MR only), using AES 128-bit algorithm. Plus, the encryption key is managed by OMTI.
- The security of the SQL Server is managed by the client themselves, except RB8 Cloud and MR8 Cloud clients, whose servers reside in the cloud on the MicroSoft Azure platform.
- These applications use an SSL with 2048-bit signatures and 256-bit encryption.
- These applications only allow access by TLS 1.1/1.2. Other security protocols, such as SSL, TLS 1.0, which are outdated and vulnerable, cannot access RB Web or MR Web.
- These applications use the Microsoft Azure platform. Azure is HIPAA, TRUSTe, PCI DSS, NERC CIP compliant.
- These applications follow OWASP (Open Web Application Security Project) guidelines, documentation, and tools to develop secure websites. The level of security is set to maximum potential giving your RB Web/MR Web a rating of A+ according to content security policy and security headers testing.