Secure workflow automation and compliance solutions

This guide explains how Nutrient Workflow Automation ensures robust data security, compliance, and authentication through AWS infrastructure, industry best practices, and strong regulatory adherence.

AWS shared responsibility model

Nutrient Workflow Automation hosts all applications and data storage on AWS, which follows a shared responsibility model:

• AWS responsibility — Security of physical infrastructure, hardware, and foundational services.

• Customer responsibility — Secure use and configuration of cloud resources and applications.

Authentication options

Nutrient Workflow Automation database authentication

• Available on cloud, self-managed, and on-premises deployments

• User profiles and credentials stored securely within Workflow Automation Platform

• Passwords hashed with bcrypt

• Supports corporate password policies: length, complexity, expiration

Single sign-on (SSO) via SAML 2.0 / ADFS / Active Directory

• Available on all deployment types (one-time setup fee may apply)

• Authentication delegated to your identity provider (IdP) using SAML 2.0 HTTP POST flow

• Nutrient Workflow Automation Platform validates SAML assertions and provisions or updates user profiles accordingly

• Endpoint and attribute mappings configured during setup

Data encryption

Encryption in transit

• TLS 1.2 protects data between client browsers and the Nutrient Workflow Automation application

• Uses strong cipher suites (ECDHE-ECDSA and ECDHE-RSA AES-GCM) for secure key exchange and encryption

• Traffic inside the AWS private network is unencrypted for performance

Encryption at rest (optional)

• Amazon RDS instances can use AES-256 encryption to protect stored data

• Encryption is transparent to applications, requiring no client changes

• Helps meet compliance requirements and prevents unauthorized access to storage

Network security and firewalls

• AWS Elastic Load Balancer (ELB) acts as firewall, allowing only HTTPS (port 443) traffic

• SSL certificates installed at ELB ensure encrypted browser-to-firewall communication

• AWS Shield Standard protects against common DDoS attacks

• Additional security layers include AWS VPCs, Security Groups, and network ACLs

• This combined approach creates a secure, locked-down cloud environment

Regulatory compliance

SOC 2 and SOC 3 reports

• Independent audits confirm Nutrient Workflow Automation meets key compliance controls

• SOC 2 report available upon request

• SOC 3 report available from AWS

HIPAA compliance

• Business associate agreement (BAA) available to support protected health information handling

• Cloud instances meet HIPAA security standards (request BAA)

FDA 21 CFR Part 11 compliance

• Tools and technology to support trustworthy electronic records and signatures

• Ensures regulatory requirements for authenticity, integrity, and confidentiality

• Learn more about Nutrient Workflow Automation Platforms’s 21 CFR Part 11 compliance

GSA Schedule / MAS / Federal Supply Schedule

• Authorized to sell goods and services directly to U.S. government agencies

• Simplifies procurement with pre-negotiated contracts

• Learn more about the GSA Schedule

GDPR compliance (in progress)

• Nutrient Workflow Automation Platform is actively working to meet GDPR requirements as both a data controller and processor

• Our AWS-hosted platform follows GDPR data protection standards: AWS GDPR center

• Continuous monitoring, log review, network analysis, and breach notifications ensure security and regulatory adherence

• Incident notifications to authorities and customers within 24 hours

Database access controls

• Enhanced cloud customers can request secure, IP-restricted access to their Nutrient Workflow Automation database

• Encrypted SQL connections recommended for all remote database access

Disaster recovery

Backup strategy

• Full backups daily, incremental backups every 15 minutes

• Daily backup copies sent to a separate AWS data center

• Retain backups for four days on private AWS RDS instances

• On-premises/self-managed customers handle their own backup and recovery

Data retention

• Data is never permanently deleted by the system during normal operations — only soft deletes

Application updates and monitoring

Update management

• On-premises customers use our OnPremise Manager for updates

• Cloud deployments receive real-time updates after QA approval

• Private cloud clients have single-tenant environments with dedicated DB instances

Monitoring

• AWS monitoring tools track performance, logs, and system health

• Support is proactively alerted on issues

Workflow Automation API and integration plugins

• REST and SOAP plugins allow workflow processes to send and receive data from external systems

• APIs enable automation of tasks such as initiating processes, running reports, and executing tasks

• On-premises and private cloud deployments include an API kit for programmatic control

• API documentation available:

  • REST Client docs

  • SOAP/Web Service docs

  • Developer portal for v7

• Latest cloud API docs accessible within the app UI

Incident management

• Nutrient Workflow Automation can be used as an incident management system for reporting and tracking security breaches or safety issues

• Includes workflow-driven action and approval processes

• Learn more: incident management