EvoGov CMS Security Overview

Security is extremely important to us. I have outlined our security features in detail for you below to illustrate how we keep your website and data safe.

Elections Results Security – AKA Content Change Alert Security

During our live demo with your team, I mentioned how we have assisted other counties in mitigating inside (staff) threats to their online election results during election seasons. This is over and above the standard security levels that I will outline here for you as well.  During sensitive times, it is possible to setup a global Content Alert that reports and all changes to the website to a list of administrative contacts that you specify. These will send emails and text messages if any change is made to the website.

Import/Export Security

We track all data imports and exports to the system. You can limit imports and exports via security roles that you assign to your staff. This is important to secure because you don’t want all employees having the ability to export citizen email lists and other information. We have actually assisted local government agencies in catching employees trying to export data that they should not, so this is a very real threat.

Form Security

Online web forms (and the data they capture and send) requires special security protection. You have the power to assign which of your staff members have access to each of your website forms. This is important because each form has its own database to store the submissions (this is exclusive to EvoGov). With the necessary permissions, you can export form data directly to Microsoft Excel. This creates a backup of all form submissions before emailing them. Your staff may not delete or alter the submissions (for FOIA compliance).  

Role-Based Security

Managing an employee’s security is easy. You can use the role-based security to assign the appropriate roles to each staff member based on their responsibilities. For example, a Communications Professional would need to have access to change Alerts, Emergency Home Pages, and Send Mass emails and SMS text messages.

Content-Level Security

It is possible to opt-in or block access to specific content and applications based on user login, or department memberships.

Soft Deletes

When an employee clicks a “delete” button, content is simply hidden and not destroyed. All deletions are tracked in the administrator reports so that you can see who deleted what. If content is deleted accidentally, it may be restored by an administrator and returned to live status in seconds.

Revisions / Versioning

When you make a change to a web page, form, or other area of the platform, a new version of that page is saved. In fact, EVERY save to a page creates a new version that is stored with the page. This automatic revision tracking prevents accidental over-writes. If a page is destroyed by accidentally over-writing it, you can simply preview and restore an older version of the page.

Data Backups

We backup all of your data with your website regularly, so if there is a server emergency it can be restored easily.

Additional Hosting-Level Security Measures

  • Amazon Certificate Manager SSL – all websites we host receive free SSL encryption security certificates as part of hosting.
  • Amazon CloudFront – all websites we host receive a content delivery network for delivering static files (like PDFs) from multiple Amazon data centers simultaneously. This will speed up your website and improves availability and uptime.
  • Amazon Wide Area Firewall (WAF) – we automatically block traffic from countries that are not part of the Hauge Convention. We can override this for you if it negatively impacts your operation, but entire countries like Afghanistan, North Korea, etc. are blocked from our servers at the network level.
  • Amazon Elastic Beanstalk Self-Healing Server Clouds – our front-end servers self-heal and grow/shrink in size based on available resources and demand.