AIIM PRIVACY & SECURITY

DATA SECURITY

Data security has been at the core of the design of AIIM, ensuring that sensitive client data remains confidential and retains its integrity. This is achieved by leveraging the industry-leading security standards available as part of the Microsoft Azure and other Microsoft cloud platforms. 

Microsoft provides capabilities to help protect data both in transit and at rest. For data in transit, Microsoft Azure uses the Transport Layer Security (TLS) protocol to encrypt connections between customer and Microsoft datacentres. TLS provides strong authentication, message privacy, integrity (by enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, ease of deployment, and ease of use. Perfect Forward Secrecy (PFS) is also used so that each connection between client systems and Microsoft Azure uses unique keys. 

Further information can be found in their whitepaper: 
> Microsoft Azure Compliance – In the context of Australian Security and Privacy Requirements 

Compliance – Privacy Act 1988

AIIM is built upon Microsoft's Power Platform offering where data storage stays within Microsoft Australian data centres, protected by Microsoft's access and authentication protocols. Customers can leverage Microsoft advanced security tools, such as MFA and Conditional Access.  

AIIM has been designed with all the controls required to ensure regulatory compliance and Microsoft’s Cloud Platforms are fully compliant with the Privacy Act 1988: 
> Microsoft Cloud Services - Complying with Australian privacy requirements 

Information Security – ISO27001:2013 

Microsoft Cloud Services are audited annually for compliance against ISO27001: 
> Microsoft - ISO/IEC 27001:2013 Information Security Management Standards 

Authentication and Access Control

AIIM leverages Azure’s Entra ID for seamless single sign-on, ensuring advanced authentication measures such as Multi-Factor Authentication, Conditional Access, Adaptive Risk-Based Authentication, and Identity Protection are available. Administrators benefit from granular access provisioning capabilities while utilising any existing Microsoft-based access control frameworks their organisations have already developed. 

Data access within the AIIM platform is further secured through highly granular role-based access controls, including support for Business Units, Role-Based Security, record-level security, and column-level security. Many nonprofits face a difficult choice between maintaining strong security and managing pricings, which can lead to sharing accounts—especially for volunteers who use the platform infrequently. This practice weakens data security and integrity by allowing multiple users to access critical information under a single login. 

To address this risk, AIIM offers free volunteer licensing, eliminating the need for shared accounts and ensuring that nonprofits can maintain a secure, fully functional practice management system. This approach preserves data privacy and security, while also providing non-repudiation of all actions taken within the platform.