---
title: "Workflow Automation security overview"
canonical_url: "https://www.nutrient.io/guides/workflow-automation/admin-guide/development-resources/security-overview/"
md_url: "https://www.nutrient.io/guides/workflow-automation/admin-guide/development-resources/security-overview.md"
last_updated: "2026-05-23T00:08:18.195Z"
description: "Learn how Workflow Automation ensures data security with AWS, compliance, and robust authentication features for workflow automation."
---

# Secure workflow automation and compliance solutions

This guide explains how Nutrient Workflow Automation ensures robust data security, compliance, and authentication through AWS infrastructure, industry best practices, and strong regulatory adherence.

## AWS shared responsibility model

Nutrient Workflow Automation hosts all applications and data storage on AWS, which follows a shared responsibility model:

- **AWS responsibility** — Security of physical infrastructure, hardware, and foundational services.

- **Customer responsibility** — Secure use and configuration of cloud resources and applications.

Learn more: [AWS shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/).

## Authentication options

Nutrient Workflow Automation supports two authentication methods: native database authentication with hashed passwords and configurable policies, or single sign-on through SAML 2.0 integration with your identity provider.

### Nutrient Workflow Automation database authentication

- Available on cloud, self-managed, and on-premises deployments

- User profiles and credentials stored securely within Workflow Automation Platform

- Passwords hashed with bcrypt

- Supports corporate password policies: length, complexity, expiration

### Single sign-on (SSO) via SAML 2.0 / ADFS / Active Directory

- Available on all deployment types (one-time setup fee may apply)

- Authentication delegated to your identity provider (IdP) using SAML 2.0 HTTP POST flow

- Nutrient Workflow Automation Platform validates SAML assertions and provisions or updates user profiles accordingly

- Endpoint and attribute mappings configured during setup

### Session and cookie security

Nutrient Workflow Automation applies secure session and cookie handling to help protect authenticated user sessions. This includes explicit cookie policy handling for browser behaviors such as `SameSite`, which helps reduce the risk of cross-site request forgery and improves session security consistency across environments.

## Data encryption

Data is protected through TLS encryption for all traffic in transit, with optional AES-256 encryption at rest for stored data in Amazon RDS instances.

### Encryption in transit

- TLS 1.2 protects data between client browsers and the Nutrient Workflow Automation application

- Uses strong cipher suites (ECDHE-ECDSA and ECDHE-RSA AES-GCM) for secure key exchange and encryption

- Traffic inside the AWS private network is not encrypted, for performance reasons
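To check the parameters listed above against your own instance, the following added example (not Nutrient's code) builds a client that can negotiate only the documented set and classifies what a default client ends up with. The four OpenSSL suite names, the classification labels and the hostname are assumptions; the page names only the suite families.

```python
import socket
import ssl

# Assumption: the page names suite families only; these are the four
# OpenSSL names for TLS 1.2 ECDHE-ECDSA / ECDHE-RSA suites with AES-GCM.
DOCUMENTED_SUITES = (
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
)


def documented_only_context() -> ssl.SSLContext:
    """Client context that can negotiate nothing but the documented set."""
    ctx = ssl.create_default_context()  # keeps certificate and hostname checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # rules out TLS 1.3 suites
    ctx.set_ciphers(":".join(DOCUMENTED_SUITES))
    return ctx


def offered_suites(ctx: ssl.SSLContext) -> list:
    """TLS 1.2 suites the context offers. OpenSSL still lists its TLS 1.3
    suites here; maximum_version is what keeps them off the wire."""
    return sorted(c["name"] for c in ctx.get_ciphers()
                  if c["protocol"] == "TLSv1.2")


def classify(version: str, cipher: str) -> str:
    """Compare a negotiated (version, cipher) pair with the documented set."""
    if version == "TLSv1.3":
        return "newer-than-documented"
    if version == "TLSv1.2" and cipher in DOCUMENTED_SUITES:
        return "documented"
    return "weaker-than-documented"


def probe(host: str, ctx: ssl.SSLContext, port: int = 443) -> tuple:
    """Handshake with host and return (version, cipher name).
    Raises ssl.SSLError when client and server share no parameters."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    host = "workflow.example.com"  # placeholder: your own instance's hostname
    print("documented-only:", probe(host, documented_only_context()))
    print("default client :", classify(*probe(host, ssl.create_default_context())))
```

A failed handshake in the documented-only probe means the endpoint accepts none of the listed suites; a `weaker-than-documented` result from the default client is the case to raise with support.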

### Encryption at rest (optional)

- Amazon RDS instances can use AES-256 encryption to protect stored data

- Encryption is transparent to applications, requiring no client changes

- Helps meet compliance requirements and prevents unauthorized access to storage

## Network security and firewalls

- AWS Elastic Load Balancer (ELB) acts as a firewall, allowing only HTTPS (port 443) traffic

- SSL certificates installed at the ELB ensure encrypted browser-to-firewall communication

- AWS Shield Standard protects against common DDoS attacks

- Additional security layers include AWS VPCs, Security Groups, and network ACLs

- This combined approach creates a secure, locked-down cloud environment

## Regulatory compliance

Nutrient Workflow Automation maintains compliance with industry standards, including SOC 2/3, HIPAA, FDA 21 CFR Part 11, and GSA Schedule authorization for government agencies.

### SOC 2 and SOC 3 reports

- Independent audits confirm Nutrient Workflow Automation meets key compliance controls

- SOC 2 report [available upon request](https://www.nutrient.io/contact-sales/?=workflow)

- SOC 3 report [available from AWS](https://d1.awsstatic.com/whitepapers/compliance/AWS_SOC3.pdf)

### HIPAA compliance

- Business associate agreement (BAA) available to support protected health information handling

- Cloud instances meet HIPAA security standards ([request BAA](https://www.nutrient.io/contact-sales/?=workflow))

### FDA 21 CFR Part 11 compliance

- Tools and technology to support trustworthy electronic records and signatures

- Ensures regulatory requirements for authenticity, integrity, and confidentiality

- [Learn more about Nutrient Workflow Automation Platform's 21 CFR Part 11 compliance](https://www.nutrient.io/guides/workflow-automation/admin-guide/development-resources/title-21-cfr-part-11-fda-regulated-compliance.md)

### GSA Schedule / MAS / Federal Supply Schedule

- Authorized to sell goods and services directly to U.S. government agencies

- Simplifies procurement with pre-negotiated contracts

- Learn more about the [GSA Schedule](https://www.gsa.gov/buying-selling/purchasing-programs/gsa-schedule/about-gsa-schedule)

## GDPR compliance (in progress)

- Nutrient Workflow Automation Platform is actively working to meet GDPR requirements as both a data controller and processor

- Our AWS-hosted platform follows GDPR data protection standards: [AWS GDPR center](https://aws.amazon.com/compliance/gdpr-center/)

- Continuous monitoring, log review, network analysis, and breach notifications ensure security and regulatory adherence

- Incident notifications to authorities and customers within 24 hours

## Database access controls

- Enhanced cloud customers can request secure, IP-restricted access to their Nutrient Workflow Automation database

- Encrypted SQL connections recommended for all remote database access

## Disaster recovery

Cloud deployments include automated daily backups with incremental backups every 15 minutes, replicated to a separate AWS data center for redundancy.

### Backup strategy

- Full backups daily, incremental backups every 15 minutes

- Daily backup copies sent to a separate AWS data center

- Backups are retained for four days on private AWS RDS instances

- On-premises/self-managed customers handle their own backup and recovery

### Data retention

- Data is never permanently deleted by the system during normal operations — only soft deletes

## Application updates and monitoring

Updates are managed through the OnPremise Manager for self-hosted deployments or applied automatically for cloud deployments, with continuous AWS monitoring for system health.

### Update management

- On-premises customers use our OnPremise Manager for updates

- Cloud deployments receive real-time updates after QA approval

- Private cloud clients have single-tenant environments with dedicated DB instances

### Monitoring

- AWS monitoring tools track performance, logs, and system health

- Support is proactively alerted on issues

## Workflow Automation API and integration plugins

- REST and SOAP plugins allow workflow processes to send and receive data from external systems

- APIs enable automation of tasks such as initiating processes, running reports, and executing tasks

- On-premises and private cloud deployments include an API kit for programmatic control

- API documentation available:
  - [REST Client docs](https://www.nutrient.io/guides/workflow-automation/admin-guide/processes/tasks/integration-task/integration-task-rest-client.md)
  - [SOAP/Web Service docs](https://www.nutrient.io/guides/workflow-automation.md)
  - [Developer portal for v7](https://developer.integrify.com)

- Latest cloud API docs accessible within the app UI

## Incident management

- Nutrient Workflow Automation can be used as an incident management system for reporting and tracking security breaches or safety issues

- Includes workflow-driven action and approval processes

- Learn more: [incident management](https://www.nutrient.io/blog/incident-management/)

