HawkSoft 6 > Data Retention & Security

This resource page addresses how data storage, retention, security, and backups are handled in HawkSoft 6, and what may be different from past versions of HawkSoft. 

 

On this page:

  • Data storage & security
    • How is data stored and secured in HawkSoft 6?
    • Multi-factor authentication (MFA)
    • Data masking & user permissions
    • SOC 2 compliance
  • Data retention & backups
    • How is data backed up in HawkSoft 6?
    • Do agencies still need to create their own backups?
  • Data exports
    • Can agencies get a copy of their HawkSoft data at any time?

 

 

How is data stored and secured in HawkSoft 6, compared to past versions of HawkSoft?

In previous versions of HawkSoft, client data and attachments were stored as individually encrypted files that were saved either on the agency’s local server (for local installations) or with a third-party online hosting partner (HawkSoft Online installations).

In HawkSoft 6, client data is no longer structured in files, but is saved as individual pieces of data in databases stored on HawkSoft’s cloud servers on Microsoft Azure. This allows data to be used in far more versatile ways than in previous versions of HawkSoft. Attachments are saved in isolation in blob storage, a flexible solution for storing vast quantities of data of different types in the cloud.

Data at rest is now encrypted at the database level, rather than the file level. In short, the level of encryption is the same, but the format is different. Like in prior versions of HawkSoft, attachments are encrypted upon being added to HawkSoft 6 and cannot be modified once added. Data in transit will continue to be transmitted through HTTPS using TLS (transport layer security), as it was in HawkSoft 5. Learn more about data encryption in our data security article.

Via Azure, HawkSoft 6 utilizes multi-tiered data retention and recovery strategies that mitigate any reasonable risk of data loss (see more details on data backup and recovery below). You can learn more about Azure’s infrastructure here.

 

Additional data security measures


Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a system of logging in using two or more credential methods. Many software applications and website logins now require MFA to enhance digital security. You can learn more about why MFA is important here. MFA is enabled for all agencies in HawkSoft 6 as an additional layer of security for accessing data at no additional cost. Recognized devices that have logged in using MFA within the last week will be allowed to log into HawkSoft, while unrecognized devices will send a verification code to the user’s email account.


Data masking & user permissions
Like in past versions of HawkSoft, HawkSoft 6 masks PII (personally identifiable information) by default on certain screens. Data can still be copied while masked, and users can select to reveal PII on individual screens. In addition, access to specific areas or client types in HawkSoft can be controlled by agency admins through user permissions, allowing limited access to sensitive information.


SOC 2 compliance
HawkSoft is certified for SOC 2 Type 2 compliance by AICPA & CIMA as an additional measure to maintain the security, availability, processing integrity, confidentiality, and privacy of systems and data. This compliance involves a number of additional security measures, including vulnerability testing by an independent third party.

 

 

How is data backed up in HawkSoft 6?

Data retention and disaster recovery is built into HawkSoft 6. HawkSoft 6 employs a multi-tier data backup strategy, including backups on a daily and weekly basis, with incremental backups (changed data) as frequently as every 10 minutes. This approach significantly reduces the potential for data loss, and positions HawkSoft to better support agencies whose internal activities may have overwritten or impacted data.

Backups of agency data will be retained on a rolling basis for a window of at least 30 days. We are also working to implement backups of client data and attachments on multiple locations on the Azure data center, as well as a secondary Azure data center in a separate location, by later this year. In short, data backup and retention is far more comprehensive, versatile, and secure in HawkSoft 6. See below for further details on data recovery options for different types of data loss.

 

Do agencies still need to create their own backups of their HawkSoft database?

In HawkSoft 6, agencies no longer need to create and save their own backups of their HawkSoft database. With previous versions of HawkSoft (when client and policy data was stored in files on the agency’s local server or a third-party online hosting partner), we recommended that agencies create their own backups of their HawkSoft data in case of catastrophic data loss (loss of entire database) and historical data loss (single corrupted client file, policy, or attachment).

Due to the changes in how data is stored, secured, and retained in HawkSoft 6 as outlined above, additional backup measures by the agency are no longer needed. HawkSoft assumes responsibility for the data that powers HawkSoft 6, similar to most other cloud solution providers. Agency data in HawkSoft 6 is fundamentally more secure and protected from all types of data loss than data on agency-created backups. Below we’ve outlined the different types of possible data loss agencies can experience, and how HawkSoft 6 protects against them.

That said, it is the responsibility of an agency to understand and comply with their state’s regulations regarding the long-term storage of insurance documentation. Often a state will require keeping documents and data for several years.

 

Catastrophic data loss

Catastrophic data loss (loss of the agency’s entire database) typically occurs due to either hardware failure (something happening to the device where the data is stored) or cybersecurity threats (viruses like ransomware that encrypt, corrupt, or delete data). HawkSoft 6 is far less susceptible to hardware failure because agency data is saved in the cloud, not to the agency’s local workstations (like with previous local installations). It’s also less susceptible to cybersecurity threats for the same reason; viruses affecting an agency’s local workstation won’t affect their HawkSoft data, which is stored in the cloud.

Agency data is stored on HawkSoft’s cloud servers on Microsoft Azure (data does not reside on-site at HawkSoft). While it's technically possible for any cloud service to be targeted by cybersecurity threats, Azure is protected by Microsoft’s world-class infrastructure security, physical security, and data protection – which are always evolving to keep up with the latest cybersecurity trends. This is a far higher level of security than HawkSoft, our previous online hosting partners, or individual agencies have resources to achieve on their own. In short, HawkSoft data is better protected than ever on HawkSoft 6.

 

Historical data loss

Historical data loss (the loss of individual pieces of data) is usually caused by localized data corruption or users inadvertently overwriting or deleting data.

Data corruption
Data corruption will be a nominal concern in HawkSoft 6, as there are very few ways data can become corrupted. Data is no longer stored as client or policy files in HawkSoft 6, but rather as individual pieces of data, so there is no “file” that can be corrupted. Attachments are stored in isolation in blob storage rather than in a client file, preventing attachments from corrupting other data.

Overwritten or deleted data
There are very few ways that data can be overwritten or deleted in HawkSoft 6. HawkSoft can assist agencies in restoring policy data that was overwritten or deleted within the 30-day backup window. In the future, HawkSoft plans to implement a Policy History feature that will allow agencies to restore a policy back to a prior point in time, including ones previous to the 30-day backup window. However, this feature will not be available in the early phases of the HawkSoft 6 release. The current Policy History feature captures only partial data for reporting purposes, not for data restoration.

 

 

Can agencies get a copy of their HawkSoft data any time?

HawkSoft firmly believes that independent agencies are the owners of their agency data and should be free to use and move that data as they see fit. Users with Admin permissions have the ability to create an export (in CSV/SQL format) of the agency’s HawkSoft data at any time in the Agency Setup area. Please be aware that these data exports cannot be used to restore a HawkSoft database.

Data exports do not include attachments. As mentioned above, agencies do not need to run regular attachment backups in HawkSoft 6, as they may have done in prior versions. However, agencies can obtain a copy of all attachments in HawkSoft if desired by contacting Product Support.