
Sumo Logic is used to capture, monitor, and analyze server-side logs.

Rollbar is used to capture, monitor and analyze client-side software logs.

Kissmetrics is used to capture user activity logs (data access, in-app activity).

Crashlytics is used to capture crash reports from mobile clients.

Tidepool maintains a Business Associate Agreement for HIPAA compliance with both Sumo Logic and Rollbar for handling of PHI.

Sumo Logic application service logs and analysis are available to six employees who maintain Tidepool's infrastructure. Rollbar logs are available to all developers.

Monitoring, audit controls, and system activity review are documented and comply with 45 CFR 164.308(a)(5)(ii)(C), 45 CFR 164.312(b), and 45 CFR 164.308(a)(1)(ii)(D).

Tidepool implements administrative safeguards compliant with 45 CFR 164.308(a)(1) and has addressable safeguards compliant with 45 CFR 164.308(a)(3).

All application logs are stored on encrypted filesystems in Virtual Private Clouds (VPC) as described in System architecture. Access logs to instances containing PHI are maintained via operating system logging mechanisms.

All logs are stored and verified with integrity protection or checksums, so that the integrity of all log and audit data can be validated.

Where possible, logs are stored in write-only media, with no capability to modify the data.

Where possible, logs are sent off the host/application they are operating in, to provide additional integrity and mitigate the possibility of log modification.

At this time, Tidepool retains operation logging and audit trails indefinitely.
