IMRON Corporation

Frequently Asked Questions

Does UnityIS Cloud support multi-tenant or single-tenant, and if multi-tenant, at what level does segmentation occur?

UnityIS Cloud can be configured to manage multiple tenants. The system allows partitioning by devices and personnel records, making it as granular as needed for any operator.

How is access authenticated, authorized and differentiated in multi-tenancy?

All operators must sign into UnityIS using their unique login. Each operator is pre-assigned to a profile which allows them to access various parts of the software. Profiles also determine which devices and personnel records are visible throughout the system. Hardware can be grouped by Controller Groups or by sites, and each profile can be assigned to designated site(s).

What level of administrator access does IMRON have?

Each cloud site is assigned to an IMRON technical specialist who will have administrator-level access to everything in the system for troubleshooting and configuration purposes only. If access needs to be limited, then the customer can request this from their specialist.

Does the system have the ability to push patches?

Yes, the system auto-updates based on a pre-defined time period. Auto-updates are based on when a new update is available, and are only applied when no one is logged into the system. In addition, the system supports the ability to push firmware updates to the field controllers. 

Where does the device data reside?

All data is stored in the database on the UnityIS Cloud server, and then a limited subset of data consisting of credential numbers and access levels is pushed to each of the controllers in the field. No direct network access is allowed to the cloud database server, and all communication is encrypted using TLS 1.2 and 2048-bit SSL.

Does IMRON have access to device data?

Each UnityIS Cloud site is assigned to an IMRON technical specialist who will have complete access to the device data for troubleshooting and configuration purposes only. If access needs to be limited, then the customer can request this from their specialist.

Does IMRON have management access to devices?

Each UnityIS Cloud site is assigned to an IMRON technical specialist who will have complete access to manage the devices for troubleshooting and setup purposes only. If access needs to be limited, then the customer can request this from their specialist.

Where are the IMRON data centers located?

Currently, IMRON has three data centers located in Seattle, Dallas, and Amsterdam. All of our facilities are SAS Type II, audited, Tier 3 data centers with up to 10 Gb connectivity and have the following certifications: ISO 9001, ISO 14001, ISO 27001, and SOC 1 Type II.

Is the physical location of the device tracked?

The physical location of a device is NOT tracked unless that information is entered in the database.

Is load balancing available?

Yes, load balancing can be configured upon request to allow traffic to flow between server locations.

Is UnityIS capable of connecting to a directory service to allow accounts to be managed within the directory service?

UnityIS supports Active Directory, and any updates to accounts via Active Directory can be set up to update automatically in UnityIS so that the information will get pushed to the field hardware.

Does UnityIS prompt for password changes if not connected to a directory service?

Yes. Strong password rules are also enforced, and password expiration can be applied if a password is not changed within 90 days.

Does UnityIS log configuration changes and administrative actions?

Yes, all changes made within UnityIS are logged and can be queried using Audit reports. In addition, all commands that are performed in the system are logged, such as door lock/unlock, relay activation/deactivation, downloads, and much more.

Does UnityIS support the ability to grant operators view only access or view and edit access?

Yes, each operator is assigned to a profile that can be pre-configured to have no access, view only, or view and edit access to each of the various modules within the system. 

What onus is on the customer from a security and privacy perspective?

From a security perspective, we recommend that the customer enable single sign-on (SSO) and multi-factor authentication (MFA) on employee accounts for secure login. From a privacy perspective, no private data from the system should be shared via emails, social media, etc.

If a breach occurs, what is the process for dealing with it?

The first step would be to identify what was breached and the root cause. If an operator's account was compromised, then all operators should be required to change their password and use SSO and MFA. If a server breach occurred, then a new server would be restored from a backup with a new administrator account.