AIIM Data Security & Protection

Data security has been at the core of the design of AIIM, ensuring that sensitive client data remains confidential and retains its integrity. This is achieved by leveraging the industry-leading security standards available as part of Microsoft Azure and other Microsoft cloud platforms.

Microsoft provides capabilities to help protect data both in transit and at rest. For data in transit, Microsoft Azure uses the Transport Layer Security (TLS) protocol to encrypt connections between customers and Microsoft datacentres. TLS provides strong authentication, message privacy, integrity (by enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, ease of deployment, and ease of use. Perfect Forward Secrecy (PFS) is also used so that each connection between client systems and Microsoft Azure uses unique keys.

Further information can be found in their whitepaper: 

Microsoft Azure Compliance – In the context of Australian Security and Privacy Requirements

Authentication and Access Control 

AIIM leverages Azure’s Entra ID for seamless single sign-on, ensuring advanced authentication measures such as Multi-Factor Authentication, Conditional Access, Adaptive Risk-Based Authentication, and Identity Protection are available. Administrators benefit from granular access provisioning capabilities while utilising any existing Microsoft-based access control frameworks their organisations have already developed. 

Data access within the AIIM platform is further secured through highly granular role-based access controls, including support for Business Units, Role-Based Security, record-level security, and column-level security. Many nonprofits face a difficult choice between maintaining strong security and managing costs, which can lead to sharing accounts, especially for volunteers who use the platform infrequently. This practice weakens data security and integrity by allowing multiple users to access critical information under a single login.

To address this risk, AIIM offers free volunteer licensing, eliminating the need for shared accounts and ensuring that nonprofits can maintain a secure, fully functional practice management system. This approach preserves data privacy and security, while also providing non-repudiation of all actions taken within the platform.

Auditing

Auditing in AIIM can be enabled according to organisational requirements to capture detailed records of user activity and data changes, such as record creation, updates, and deletions. These audit logs can then be shipped to analytics and governance solutions like Microsoft Purview for more comprehensive monitoring, oversight, and compliance reporting.

Compliance – Privacy Act 1988

AIIM is built upon Microsoft's Power Platform offering, where data storage stays within Microsoft's Australian data centres, protected by Microsoft's access and authentication protocols. Customers can leverage Microsoft's advanced security tools, such as MFA and Conditional Access.

AIIM has been designed with all the controls required to ensure regulatory compliance, and Microsoft’s Cloud Platforms are fully compliant with the Privacy Act 1988:

Microsoft Cloud Services - Complying with Australian privacy requirements 

Information Security – ISO27001:2013 

Microsoft Cloud Services are audited annually for compliance against ISO27001: 

Microsoft - ISO/IEC 27001:2013 Information Security Management Standards

People & Culture

Sharing Minds employ a full-time human resource manager and adhere to industry best-practice HR management and compliance, to maximise data security and protection. This includes ensuring we hire professionals with:

  • Certification: Relevant certifications which demonstrate their expertise.

  • Experience: Extensive experience in the industry and a proven track record of success.

  • Security Checks: No safety concerns and compliant with legislated requirements.

  • Compliance Knowledge: Understanding of industry standards and regulations which are crucial for data security.

  • Quality Assurance: Commitment to maintaining high standards of quality and accuracy in their work, ensuring that the results are reliable and actionable.

By recruiting and retaining the right people, Sharing Minds strives to significantly enhance our data security posture every day and protect sensitive information from cyber threats.