Approved Tools

20.0 Approved Tools Policy

iDialogs utilizes a suite of approved software tools for internal use by workforce members. These software tools are either self-hosted, with security managed by iDialogs, or they are hosted by a Subcontractor with appropriate business associate agreements in place to preserve data integrity. Use of other tools requires approval from iDialogs leadership.

20.1 List of Approved Tools

iDialogs allows employees the freedom to utilize operating systems and development tools they feel comfortable with as long as the underlying systems are properly secured and compliant with iDialogs policies. The following list outlines server and workstation software and tools used for establishing compliance and company collaboration:

  • Google Apps:Used for email and document collaboration. Includes Gmail, Google Docs, & Google Drive.
  • Slack: A messenger service used for internal corporate communication.
  • JIRA: Used for configuration management and to generate artifacts for compliance procedures.
  • GitHub:  A cloud-hosted platform for storing version control. All developers must use two-factor or RSA-based asymmetric authentication when using GitHub. No ePHI is stored in version control.
  • Lynis Enterprise: Used for security and compliance auditing of development and production systems.
  • Linux Malware Detect (LMD): Used to scan files for malicious software including rootkits and tojan horses.
  • ClamAV: Used in conjunction with LMD for automated, periodic scanning of files for malware.
  • OSSEC: A host-level intrusion detection system (HIDS) used for protecting individual machines from attack.
  • SNORT: A network-level intrusion detection system used to detect and prevent attacks such as DDoS.
  • ARPWatch: A network monitoring tool used to monitor network traffic and devices.
  • Sysstat: A compilation of tools used to monitor system performance metrics.
  • ZAP: Used to audit and test application-layer security for vulnerabilities.
  • SSL Labs: A website with tools for use in testing the security of our SSL certificates.
  • Avast Anti-Virus:  Used as an anti-virus and anti-malware protection on workstations running OS X.
  • Windows Defender: Used as an anti-virus and anti-malware protection on workstations running Windows.
  • Windows Firewall: Used as a firewall for network protection on workstations running Windows.