UMS understands that systems for emergency communication – particularly those that deliver messages to large populations or communities – can be highly sensitive as any incorrect information or abuse of the system can have adverse consequences.
This essentially means that the system must be highly secure. UMS places special importance on security and privacy, and the security model is implemented across all our solutions. Our alert systems ensure that only necessary data is exchanged between users and the operator and provide security against third parties gaining access to the public alert functions or to privacy data.
UMS Alert security and privacy are handled from two different perspectives:
- Access Control security
Only approved users can access the system. Users are granted access to functionality in the API based on groups & roles. Credentials are checked both while accessing the API and on each request to the server. Any attempt to access a method without having the appropriate authorization will result in the error message “Unauthorized” from the web service API.
- Data Exchange security
Only the required data from a mobile operator’s network is exchanged over the secure API towards the user application. Sensitive data collected from probe systems, inventory, radio planning tool or any other systems with the operator is never exposed in the API. Users are limited to define target areas, message content, schedule, priority and/or filtering. Only the status and statistics of the alert transmission and eventual response are transferred back from message recipients.
Users will only have access to the front-end of the API and never to the back-end part of the system. There will be no data exchanged between the user and the operator network or vice-versa outside the API.