Who is responsible for supporting the end devices (smart phones)?
Similar to paging solutions, customers are responsible for providing front-line support for Spok Mobile, including basic troubleshooting for all components (host system connection, Spok Mobile local server, and mobile client). During system implementation, Spok Support provides comprehensive training, troubleshooting and support for customer-appointed administrative staff.
Why is a password required to register a device?
A password is required to prevent malicious users who know an individual’s cell phone number or email address from registering a device as another user.
Can I send *67 or other feature codes to block my caller ID?
Apple does not allow applications to dial a phone number with a * or # in the string for security purposes, so the Spok Mobile application is not able to pass feature codes like caller ID block to the phone app unless the user is able to use a third-party dialer, such as a SIP phone.
Android does allow an application to dial a * or # automatically. However, Spok Mobile will pass a feature code to the dialer application, assuming that "*67" is in the message body, directly in front of the 10-digit phone number.
What are the storage requirements for the Spok Mobile client?
For detailed information on the storage requirements for Spok Mobile, see the Pre-Implementation Guide Spok Mobile 4.7.
What are the archival options?
You can use standard SQL Server backup options to schedule overnight backups of the database in a safe location, and you can also back up message assets.
Will data be stored outside of the network?
No. In order for Spok Mobile services to operate with the database, both the database server and your asset storage location need to be on the same network as the application server.
Is the storage process for storing patient information HIPAA compliant?
Yes. The entire Spok Mobile solution is HIPAA compliant.
Is data stored offsite?
For hosted configurations of Spok Mobile, data is stored off-site by Amazon Web Services.
Is data which is stored offsite securely transmitted?
Yes. Data is securely transmitted using SSL certificates and TLS 1.2.
How is data rendered irretrievable when disposing of it?
The best way to safely delete the data is by detaching the databases from SQL Server and deleting the .mdf and .ldf files using a tool for safe deletion that does not allow the restoration of the data from the hard drive.
Do administrators have the ability to wipe data from devices?
Yes, Spok Mobile system administrators have a wipe command available in the administrative interface.
Can my Spok Mobile servers be virtualized?
Yes. The Spok Mobile application servers can reside in a virtual machine (VM) environment.
What database types can be used with Spok Mobile?
For detailed information on the database types that can be used with Spok Mobile, see Spok Mobile Server Operating Environment.
What are the database maintenance requirements?
The Spok Mobile solution requires hourly transaction log backups, daily full database backups, and daily archive and deletion of data.
How is data securely transmitted between the user and the application, both internally and externally?
Data is securely transmitted between users and the application by using the following technologies:
- SSL certificates
- TLS 1.2 protocols
If I use the dictate option on my built-in operating system keyboard to dictate a message, will the data be sent to Apple/Google in an unencrypted format?
Yes. If a user taps the dictate option on the built-in OS keyboard to dictate a message, the data is sent to Apple/Google in an unencrypted format. This is not considered a HIPAA-compliant workflow. Though the behavior can vary by device operating system, it is a best practice to educate users not to dictate PHI to the application.This behavior is common to all mobile apps that use the built-in OS keyboard, such as Epic Haiku.
Using your device's built-in keyboard to dictate a Spok Mobile message is not HIPAA compliant.
What directories are required to be backed up?
The Spok Mobile solution does not require that specific directories be backed up.
Does the solution have a built in local backup?
No. The Spok Mobile solution does not have a built in local backup at this time.
Is the application Web-based?
Spok Mobile has a Web-based module (the Spok Enterprise Administration interface) and services which are hosted in IIS. However, the entire solution is not Web-based.
Is HTTPS available?
Yes. HTTPS is the default.
Who is responsible for operating system patching?
The customer site’s local administrator is responsible for updating the system with the latest patches. Spok is not responsible for performing operating system patches.
What testing and approval process needs to be followed for operating system patching?
Each customer site is responsible for its own testing and approval process. Spok is not responsible for the testing and approval of operating system patches.
Who is responsible for managing anti-virus?
The local system administrator is responsible for managing anti-virus practices and applications for the site. Spok is not responsible for managing anti-virus programs or practices for sites at which Spok Mobile is installed.
Which directories should be excluded from anti-virus scans?
Ensure that the
.ldf files for the
AmcomAmcPremiseCore database are excluded from virus scans on any computer running SQL Server. In general, exclude the database files from all virus scans when SQL Server is installed. See Spok Mobile Antivirus Exclusions List.
What products are used to conduct the anti-virus scans?
The system administrator at the customer site is responsible for choosing which anti-virus products will be used. Spok is not responsible for anti-virus practices or products at individual sites.
Is a unique login ID required?
Yes. Unique logins ID’s are required on Spok Mobile devices and in the Spok Enterprise Administration interface. Unique login ID’s are also required when users sign into the application on their devices. In this case, users can log in to the application on devices with a telephone number (enterprise configurations) or email address (public sphere configurations).
Are login ID's limited in terms of characters or length?
Login ID's may not use space characters. There are no other restrictions on characters which may be used in login credentials. However, the login username should be more than eight characters and less than 100 characters.
What are the parameters for password length and format?
- For Spok Mobile servers, passwords must include at least 8 and less than 100 characters, and may not contain space characters.
- For the Spok Mobile app, password must be between 8 and 32 characters, and may not contain space characters.
Does the application prevent password re-use?
No. The Spok Mobile app does not prevent password re-use.
Is the password file encrypted?
The Spok Mobile passwords are stored in a database. In that database, the password value is encrypted and the database in which the password is stored is also encrypted.
Do passwords display when entered?
No. Complete Spok Mobile passwords do not display when entered. However, the last letter which was typed appears. All previously-entered characters are hidden.
Are passwords visible to the system administrator(s)?
No. Spok Mobile passwords are not visible to the system administrator(s).
Can the user be prompted to change passwords at first login?
Based on the type of Spok Mobile client that is being used, users may be required to change their passwords when logging in. For enterprise versions of the Spok Mobile client, users are not required to update their passwords when setting up the Spok Mobile client on their device for the first time. However, clients that are set up in the public Spok Mobile group or “sphere” are required to change their password when setting up the application on their device for the first time.
Site administrators are never required to update their password information when signing into the Spok Enterprise Administration interface.
Do users have the ability to change their password at any time?
Yes. Regardless of which configuration of Spok Mobile is set up, users can change their password information at any time by updating their profile information in the client application. In contrast, the password information that is associated with the Spok Enterprise Administration interface cannot be updated at any time.
Can passwords be set to expire?
No. Passwords cannot be set to expire in any component of Spok Mobile.
Can login IDs be disabled without deleting the ID?
No. Login ID’s cannot be disabled without deleting the ID.
Does the application define roles?
No. The Spok Mobile solution does not define roles.
Which file permissions are supported by this application?
Spok Mobile supports Read Only, Create, Modify, and Delete file permissions.
Does the application lock after failed attempts?
No. The Spok Mobile application does not have the ability to lock after failed login attempts.
Is a password required to access the application?
Yes. Passwords are required to access the Spok Enterprise Administration interface as well as the Spok Mobile client.
Does the application allow controls on password configuration?
No. The application does not allow controls on password configurations.
Does the application allow automatic log-off?
No. The Spok Mobile solution does not allow automatic log-off. However, access codes can be configured to be mandatory for access to the Spok Mobile client application on individual devices. When the device goes to sleep or when the Spok Mobile application is closed, users are then required to enter the access code to access the application.
Can automatic log-off parameters be managed at the individual or group level?
Automatic log-off parameters cannot be managed at the individual or group level at this time.
Do I have to authenticate in order to search?
Yes, if the associated contact center is configured to require authentication. The user will be prompted to authenticate before searching the directory in the Spok Mobile client. Authentication uses the username and password of the user in the host system, and the results returned are based on their credentials. The authentication expires after a configurable period; the default value for this period is 24 hours.
Are app-initiated messages secured?
Yes. Spok requires the use of a customer-purchased SSL certificate from a trusted authority. This certificate is installed on the Spok Mobile server at the customer site so mobile devices can securely send messages to and from the server.
Are there any special network requirements for Spok Mobile?
No. Spok Mobile uses standard configurations for its network component.
Are there any special wireless requirements for Spok Mobile?
No. Spok Mobile uses standard configurations for its wireless component.
What protocol is used for wireless encryption for Spok Mobile?
Spok Mobile uses the standard configured network encryption.
Does Spok Mobile have firewall requirements?
Yes. The Spok Mobile solution does have firewall requirements. For detailed information about Spok Mobile firewall requirements, see Pre-Implementation Guide Spok Mobile 4.7.
Does Spok Mobile require any ports to be open?
For detailed information about the ports that must be open for Spok Mobile to function, see Pre-Implementation Guide Spok Mobile 4.7.
Is the inbound firewall rule required for client-initiated messaging?
Yes. To access the directory, there must be inbound access to the Spok Mobile server. When this access is set up, it provides an additional benefit: the Spok Mobile hosted component does not need to handle message delivery, so messages never leave the premises.
Are SSL certificates required?
Spok recommends that you use SSL certificates. Spok Mobile requires an SSL 1024-bit or higher certificate from a trusted root certificate authority for local message delivery and client initiated messaging.
How should the load balancer be configured to handle SSL?
The load balancer may be configured to offload SSL to the application servers via direct TCP to 443/8091. The load balancer should act as a TCP proxy for these ports, not an HTTP proxy.