The security of Allita should be upheld with the highest level of professionalism and care. She is responsible for handling incredibly sensitive information, and has had many safegaurds built in that exceed the normal security requirements.
A large part of making her secure however is keeping her source code itself secure. Therefore we require all licensed organizations with access to the source code to follow very strict security guidelines.
Some of the requirements to be fully eligible for the BYO IT free license are:
Server setup and maintenance must be done by MSCE certified IT and meet HIPAA level compliance
CISSP or must have proven track record of writing secure applications and knowlege of security best practices
Must use Microsoft SQL Server Enterprise Edition if Allita is to accept and process applications that require social security numbers; Standard Edition is acceptable for internal only use with propper on-site security measures.
Must use your own W2 employed development team or Greenwood 360 approved contractors
A full non-disclosure agreement will be required to be signed by each member of the development team who will have access to the code, as well as an executive of the organization who will be accountable to ensure the non-disclosure and procedure agreements are followed.
Proof of a cleared background check is required for anyone with any kind of access to the sourcecode.
The organziation and its members agree to strictly follow the Source Code Guidelines which outline the security requirements for the storage and transmission of the source code; strict allowance of who can work on the source code; and chain of custody procedures that must be followed with the source code.
Ultimately the ability of the software to perform securely will rest on the shoulders of your development team. While we do not require it, we strongly recommend doing at least quarterly penetration testing.
It is important to note that this is not an open source project. Greenwood 360 retains ownership and full rights to the software. We make no claims to any modifications you develop, and you may elect to share your branches with other licensed users at no cost to them. However none of the resulting product from modifying or adding to the master and or its branches may be redistributed in any way to unlicensed organizations. Greenwood 360 is the sole grantor of licenses, and reserves the right to revoke the license.
In general, a revoked license would only be done where an organization puts the entire community at risk by failing to follow the security guidelines.
The above statements are not the actual agreements for licensing a copy of Allita but an effort to inform interested parties of the spirit of the agreement. The statements above are clarified and stated fully in the actual licensing agreement.
We understand that these requirements may seem harsh or extraordinary, but for the sake of the entire Allita Development Community, they must be upheld without exception.