iLobby Solution Overview
iLobby is an enterprise-grade product developed, hosted and tested using the highest industry standards, exceeding most requirements.
iLobby is a cloud-based secure visitor management system comprising a self-serve device or kiosk and a server side hosted in the cloud. The entire solution is managed through the web-based portal, which allows administrators to manage the specific features and details of each installation as well as generate reports pertaining to the visitor activity at each site. This document serves as a review of the provided technology with emphasis on the security and redundancy of the solution.
The following is a summary; a detailed Technology Review document is available on request, pending an executed NDA. Certain items require specific license subscriptions and/or may be subject to additional costs.
Our Employees and Workspace environment
- All iLobby employees are screened with extensive background and criminal record checks prior to hiring
- All employees are trained on the company’s privacy, safety, security and other workplace policies
- All equipment and data handling follows common security practices
- Applications and hardware are inventoried
- Access is role based with global policies enforced (Active Directory)
- Ports are blocked
- Production data is not locally stored
- Devices are tracked
How We Built iLobby
- iLobby is designed and built in Toronto, Canada
- We follow Agile and Scrum methodology
- We adhere to OWASP Secure Coding Practices (www.owasp.org)
- All software development is version and source controlled
- Three separate environments are maintained (Production, Development, Staging) with restricted access.
- Our development teams do not have access to customer data.
- Microsoft Technologies are used to control access (Azure Active Directory)
Your Data Security, Privacy and Confidentiality
- Custom agreements and privacy policies are available
- Customer can elect to have the data stored in a specific geo-location
- Customer can request custom data retention policies; expired data is deleted using standard SQL DELETE with SQL SHRINK, and DoD 5220.22-M is available on request
- All data is fully encrypted at rest and in transit
- All access is controlled and monitored
- Customer data is segmented and access is limited to owner(s) only
- Passwords are hashed and cannot be recovered
Visitor Data Security, Privacy and Confidentiality
- Visitor data falls under the main system guidelines for data security
- Global data privacy standards are supported (i.e. GDPR)
- iLobby offers a strong compliance platform which plugs into the organization’s global compliance initiatives, implementation of which is managed by the Client
- Geo-distributed data storage is available to comply with local rules
Product, Security, Continuity
- iLobby is hosted on Microsoft Azure (Multiple GEO locations available). Additional hosting options are available utilizing local vendors and our own dedicated hosting environments
- All data centers adhere to common industry standards for data protection and policies. Certifications are geo/site specific and cover PCI DSS, ISAE 3402 Type II, SSAE 16 SOC 1 Type II and CSAE 3416 Type II, to name a few.
Please visit Azure trust center for a list of supported certifications and standards: https://azure.microsoft.com/en-us/support/trust-center/
Non-Azure hosted, site specific certifications are provided on request.
- Geo/region specific hosting is available
- Data and services are fully backed up and fully redundant, with an available 99.7% uptime guarantee.
- Server / Platform structure is hosting dependent and available on request
- iLobby supports Offline mode (no network connection)
- iLobby packages can be deployed with a fully redundant cellular connection
More on Encryption
- All access to web services uses HTTPS (TLS)
- Device-to-server communication is encrypted with a private key, delivered over a secure channel (HTTPS) and tokenized using the device's unique identifier and other undisclosed variables
- iLobby can be deployed using a combination of Cellular, WiFi and Ethernet connections. Exact configuration is dependent on each client’s redundancy and hardware requirements.
- iLobby uses standard ports and services which makes it a “plug ‘n play” product when connected to the client’s infrastructure. In most cases no additional configurations are required.
- Clients managing highly restricted environments will need to ensure that traffic to *.goilobby.com bypasses proxies and is whitelisted on the firewall(s).
- In some cases, subject to Client’s WiFi policies, iLobby may need to be provisioned with Client’s WiFi certificates.
- We recommend setting up all of the equipment using static IPs. This makes for a more robust and stable setup. Our preference is to let the client’s DHCP server assign the static IPs using provided MAC addresses.
Subcontractors and Third Parties
- iLobby's core engineering function is completely in-house, in our Toronto office.
- Use of any subcontractors puts them in scope of our overall standards for security and privacy. Specifically:
  - Each subcontractor must be classified based on their risk
  - Their policies and standards have to meet our requirements
  - Their policies and standards must be reviewed as frequently as required by their classification within our policies and controls
- iLobby requires use of Third Parties for provision and delivery of some of its services. Specifically:
  - Microsoft Azure – hosting provider for the iLobby Platform
  - Twilio – SMS and VOICE message delivery
  - Vonage – SMS message delivery
  - Sendgrid – Email delivery
  - Mailgun – Email delivery
- Credit card related activity and data is handled by a PCI-DSS certified environment.
- iLobby employs business continuity, data theft and breach insurance covering liability in excess of $2,000,000. Certificate available on request.