Who is responsible for supporting the end devices (smart phones)?
Similar to paging solutions, customers are responsible for providing front line support for Spok Mobile, including basic troubleshooting for all components (host system connection, Spok Mobile local server, and mobile client). Comprehensive training and troubleshooting information is provided as part of the system implementation. Spok support provides customer appointed administrative staff with support.
Why is a password required to register a device?
A password is required to prevent malicious users who know an individual’s cell phone number or email address from registering a device as another user.
Can I send *67 or other feature codes to block my caller ID?
Apple does not allow applications to dial a phone number with a * or # in the string for security purposes, so unfortunately, unless the user is able to have a third-party dialer, such as a SIP phone, the Spok Mobile application is not able to pass feature codes like caller ID block to the phone app.
Android does allow an application to dial a * or # automatically. However, Spok Mobile will pass a feature code to the dialer application, assuming the *67 is in the message body, directly in front of the 10-digit phone number.
What are the storage requirements for this application?
For detailed information on the storage requirements for this application, see the Pre-Implementation Guide Spok Mobile 4.5.
What are the archival options?
The standard SQL Server backup options can be used to schedule an overnight backup of the database in a safe location. The assets for the message can also be backed up.
Will data be stored outside of the network?
No. In order for the services to operate with the database, the database server needs to be in the same network as the application server. Also, the path to store the assets could be on an external server, but the access to it would be a UNC path. This means that it needs to be in the same network as well.
Is the storage process for storing patient information HIPAA compliant?
Yes. The entire Spok Mobile solution is HIPAA compliant.
Is data stored off site?
For hosted configurations of Spok Mobile, data is stored off site by Amazon’s Web Services.
Is data stored offsite securely transmitted?
Yes. Data is securely transmitted using SSL certificates and TLS 1.2.
How is data rendered irretrievable when disposing of it?
The best way to safely delete the data is by detaching the databases from SQL Server and deleting the .mdf and .ldf files using a tool for safe deletion that does not allow the restoration of the data from the hard drive.
Do administrators have the ability to wipe data from devices?
Yes, Spok Mobile system administrators have a wipe command available in the administrative interface.
Can my Spok Mobile servers be virtualized?
Yes. The Spok Mobile application servers can reside in a virtual machine (VM) environment.
What database types can be used with Spok Mobile?
For detailed information on the database types that can be used with Spok Mobile, see Spok Mobile Server Operating Environment.
What are the database maintenance requirements?
The Spok Mobile solution requires hourly transaction log backups, daily full database backups, and daily archive and deletion of data.
How is data securely transmitted between the user and the application (both internally and externally)?
Data is securely transmitted between users and the application by using the following technologies:
- SSL certificates
- TLS 1.2 protocols
If users use the dictate option on their built-in operating system keyboard to dictate a message, will the data be sent to Apple/Google in an unencrypted format?
Yes. If a user taps the dictate option on the built-in OS keyboard to dictate a message, the data is sent to Apple/Google in an unencrypted format. This is not considered a HIPAA-compliant workflow. Though the behavior can vary by device operating system, it is a best practice to educate users not to dictate PHI to the application.
This behavior is common to all mobile apps that use the built-in OS keyboard, such as Epic Haiku.
What directories are required to be backed up?
The Spok Mobile solution does not require that specific directories are backed up.
Does the solution have a built in local backup?
No. The Spok Mobile solution does not have a built in local backup at this time.
Is the application Web-based?
The Spok Mobile product has a Web-based module (the Spok Enterprise Administration interface) and services hosted in IIS. However, the entire solution is not Web-based.
Is HTTPS available?
Yes. HTTPS is the default.
Who is responsible for operating system patching?
The customer site’s local administrator is responsible for updating the system with the latest patches. Spok is not responsible for performing operating system patches.
What testing and approval process needs to be followed for operating system patching?
The testing and approval process for individual sites must be established and dictated by the site. Spok is not responsible for the testing and approval process that needs to be followed for operating system patching.
Who is responsible for managing anti-virus?
The local system administrator is responsible for managing anti-virus practices and applications for the site. Spok is not responsible for managing anti-virus programs or practices for sites at which Spok Mobile is installed.
Are there any directories that should be excluded from anti-virus scans?
Ensure that the .mdf/.ldf files for the AmcomAmcPremiseCore database are excluded from virus scans on any computer running SQL Server. In general, it is recommended that the database files are excluded from all virus scans when SQL Server is installed. See Spok Mobile Antivirus Exclusions List.
What products are used to conduct the anti-virus scans?
The products that are used to conduct anti-virus scans on the system with Spok Mobile installed are dictated by the system administrator for the site. Spok is not responsible for anti-virus practices or products at individual sites.
Is a unique login ID required?
Yes. Unique logins ID’s are required on Spok Mobile devices and in the Spok Enterprise Administration interface. Additionally, unique login ID’s are required when users sign into the application on their devices. In this case, users can log in to the application on devices with a telephone number (enterprise configurations) or email address (public sphere configurations).
If a unique login ID is required, are there any login limitations (Example: numbers, letters, special characters, character limits, etc.)?
The Spok Mobile solution does not place any restrictions on character type for logins; however, the login username should be more than eight characters and less than 100 characters. No spaces are permitted in the login credentials.
What are the parameters for password length and format?
- For Spok Mobile servers, passwords must include at least eight and less than 100 characters; there are no restrictions on password character usage.
- For the Spok Mobile app, password must be between 8 and 32 characters and spaces cannot be used.
Does the application prevent password re-use?
No. The Spok Mobile app does not prevent password re-use.
Is the password file encrypted?
The Spok Mobile passwords are stored in a database. In that database, the password value is encrypted and the database in which the password is stored is also encrypted.
Do passwords display when entered?
No. Complete Spok Mobile passwords do not display when entered. However, the last letter of a password that is in the process of being entered does display.
Are passwords visible to the system administrator(s)?
No. Spok Mobile passwords are not visible to the system administrator(s).
Can the user be prompted to change passwords at first login?
Based on the type of Spok Mobile client that is being used, users may be required to change their passwords when logging in. For enterprise versions of the Spok Mobile client, users are not required to update their passwords when setting up the Spok Mobile client on their device for the first time. However, clients that are set up in the public Spok Mobile group or “sphere” are required to change their password when setting up the application on their device for the first time. Please note that regardless of the configuration of Spok Mobile that users have on their devices, their password information can be changed at any time by updating their profile information in the client application.
Site administrators are never required to update their password information when signing into the Spok Enterprise Administration interface.
Do users have the ability to change their password at any time?
Yes. Regardless of the configuration of Spok Mobile that users have installed on their device, their password information can be changed at any time by updating their profile information. In contrast, the password information that is associated with the Spok Enterprise Administration interface cannot be updated at any time.
Can passwords be set to expire?
No. Passwords cannot be set to expire in any component of the Spok Mobile solution.
Can login IDs be disabled without deleting the ID?
No. Login ID’s cannot be disabled without deleting the ID.
Does the application define roles?
No. The Spok Mobile solution does not define roles.
Which file permissions are supported by this application?
The Read Only, Create, Modify, and Delete file permissions are supported by the Spok Mobile solution.
Does the application lock after failed attempts?
No. The Spok Mobile application does not have the ability to lock after failed login attempts.
Is a password required to access the application?
Yes. Passwords are required to access the Spok Enterprise Administration interface as well as the Spok Mobile clients.
Does the application allow controls on password configuration?
No. The application does not allow controls on password configurations.
Does the application allow automatic log off?
No. The Spok Mobile solution does not allow automatic log off. However, access codes can be set up and can be required to access the Spok Mobile client application on individual devices. When the device goes to sleep or when the Spok Mobile application is closed, users are then required to enter the access code to access the application.
Can automatic log off parameters be managed at the individual or group level?
Automatic log off parameters cannot be managed at the individual or group level at this time.
Do I have to authenticate to search?
If the associated Contact Center is configured to require authentication, yes. The user is prompted to authenticate before searching the directory in the Spok Mobile application on devices. The authentication uses the username/password of the user in the host system, and the results returned are based on their credentials. The authentication expires after a configurable period; the default value for this period is 24 hours.
Are app-initiated messages secured?
Yes. Spok requires the use of a customer-purchased SSL certificate from a trusted authority. This certificate is installed on the Spok Mobile server at the customer site so mobile devices can securely send messages to and from the server.
Are there any special network requirements?
No. The Spok Mobile solution uses standard configurations for the network component of the solution.
Are there any special wireless requirements?
No. The Spok Mobile solution uses standard configurations for the wireless component of the solution.
What protocol is used for wireless encryption?
The Spok Mobile solution uses the standard configured network encryption.
Does Spok Mobile have firewall requirements?
Yes. The Spok Mobile solution does have firewall requirements. For detailed information on the Spok Mobile firewall requirements, please see the Pre-Implementation Guide Spok Mobile 4.5.
Does Spok Mobile require any ports to be open?
For detailed information on the ports that must be open for the Spok Mobile solution to function successfully, please see the Pre-Implementation Guide Spok Mobile 4.5.
Is the inbound firewall rule required for client-initiated messaging?
Yes. To access the directory there must be inbound access to the Spok Mobile server. This has the added benefit of not having to use Spok Mobile hosted for message delivery, so messages never leave the premises.
Are SSL certificates required?
Using SSL certificates is recommended. Spok Mobile requires an SSL 1024 bit or higher certificate from a trusted root certificate authority for local message delivery and client initiated messaging.
How should the load balancer be configured to handle SSL?
The load balancer may be configured to offload SSL to the application servers via direct TCP to 443/8091. The load balancer should act as a TCP proxy for these ports, not an HTTP proxy.