Self-hosted or cloud-hosted application:

Our application is fully cloud-hosted, leveraging secure, scalable AWS infrastructure with best practices for high availability and performance.

User management integration with Office 365:

We currently support standard user authentication and management within the application. Integration with Microsoft Azure Entra ID for single sign-on and user provisioning/sync is not yet implemented as a standard feature.

Multi-Factor Authentication (MFA):

MFA is not currently enforced across all user accounts. That said, we recognize its importance as a strong security control. It has not yet been a formal requirement in our SOC 2 process, but MFA is strongly recommended under the Security Trust Services Criteria (particularly CC6.1 and CC6.2 for access controls and authentication). We are actively considering implementing it as an optional/enforceable feature in the near term and can prioritize this if it aligns with your security requirements.

Data Security:

We are currently in the process of achieving SOC 2 certification, which will provide independent validation of our controls. Key measures already in place include:

Databases accessible only from within private subnets (no public exposure).

Encryption in transit (TLS) for all communications.

Encryption at rest for database volumes.

Field-level encryption for highly sensitive data; user passwords are stored as salted hashes (not reversible encryption) using industry-standard algorithms.

These controls are designed to protect confidentiality, integrity, and availability in line with SOC 2 expectations.

Firewalled:

All services run within private subnets and are protected by network-level firewalls and security groups. Access is strictly controlled and limited to authorized internal traffic, with no unnecessary public exposure.

Integration with production software:

Could you please clarify what specific production software or systems you have in mind (e.g., workflow tools, asset management, ERP, or custom APIs)? We support standard integration patterns (REST APIs, webhooks, etc.) and would be glad to discuss feasibility and approach once we understand the requirements better.

Uptime SLA:

We offer a 99.9% uptime Service Level Agreement (approximately 43 minutes of permitted downtime per month). In practice, our historical performance has consistently exceeded this target, with minimal unplanned downtime.