Safety Management System Data Security

At NorthWest Data Solutions, we prioritize unbreakable data security for SMS Pro, ensuring your aviation safety data is protected with industry-leading standards.

Last Updated: July 12, 2025.

Data Center Used by SMS Pro

Encryption and Data Transmission

SMS Pro employs state-of-the-art Transport Layer Security (TLS 1.3) as standard for all data transmission and storage, encrypting sensitive aviation safety information end-to-end. This default configuration ensures compliance with global standards without compromising performance, protecting against unauthorized access and supporting seamless risk management workflows.

Physical Data Security

Our SMS Pro data is hosted in SAS 70 Type II, NIST, HIPAA, SSAE 16, and PCI DSS certified datacenters. Features include: 24/7 staffing with multi-level access controls; Advanced fire protection and redundant HVAC; N+1 power systems; Redundant Tier 1 internet via Cisco infrastructure. Only authorized NWDS experts access servers, minimizing physical risks for your safety data.

Data Backups and Backup Storage Security

Daily on-site backups during off-peak hours, with off-site replication for disaster recovery. We conduct weekly reviews and quarterly tests to guarantee data integrity—ensuring your SMS records are always available, even in crises, to maintain safety assurance continuity.

Network Security and Monitoring

SMS Pro operates behind enterprise-grade firewalls, with continuous log monitoring by NWDS and datacenter teams. SNMP alerts flag anomalies in real-time, empowering proactive threat response and upholding safety promotion through secure collaboration.

Application Security

Unique usernames, encrypted passwords, and role-based permissions per user/division prevent cross-access. Detailed audit logs track all activity, configurable by your SMS Admin—ideal for consultants auditing compliance and executives overseeing accountability.

Privacy of Data

Your safety data remains strictly confidential; NWDS never shares it without written consent, as per our Services Agreement. This commitment builds trust, aligning with ICAO pillars for a robust safety culture.

Uptime Guarantee

99.9% uptime (excluding scheduled maintenance, averaged 4-6 hours/quarter during non-peak). Advance notices ensure minimal disruption, keeping your SMS tools operational for critical risk assessments.

Certified SAS 70 Type II

SAS 70 Type 2

SAS 70 is a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA). A SAS 70 Audit means that a service organization has been through an in-depth audit of their control objectives and control activities.

NIST Certified Datacenters

NIST Certified Datacenters

Our datacenters have implemented NIST’s set of baseline security controls, documentation requirements, and Federal Information System Controls Audit Manual (FISCAM) control audit methodologies.

HIPAA Certified Datacenters

HIPAA Certified Datacenters

The Health Insurance Portability and Accountability Act (HIPAA) was created by the federal government to protect patients’ private information.

SSAE 16 Certified

SSAE 16

The Statement for Standards for Attestation Engagements (SSAE) No. 16 enhances the SAS 70 standard which governs controls at a service organization. Our datacenters have undergone SSAE 16 audits to keep up to date with new international standards.

PCI DSS Compliance

PCI DSS Compliance

The payment Card Industry Data Security Standard (PCI DSS) is designed to ensure that companies which process, store, or transmit credit card information document and maintain a secure environment.