Covid Compliance Module on AWS

About Customer

Customer is an IT/ITeS large enterprise with more than 35,000 workers. The customer is working on Return to Office initiatives, both to deal with ongoing work and employee welfare as well as planning to get employees back to the workplace. Employee safety, employee welfare, as well as legal compliances are paramount concerns of the client. There is also a consideration to keep costs of operations to stay down, the process should be able to deal with sudden increase and decrease of the number of employees to be handled as the  Covid behavior is still very unpredictable.

Project Drivers

Pandemic has impacted work-life for enterprise as well as individuals. India is a hub for large IT and ITeS organizations and employs more than 4.0 Million in this sector. Covid compliance has come up as a critical issue for this industry sector. IT and ITeS sector has been struggling to deal with Covid compliance in various employee handling transactions. Enterprise has to deal with this issue where the enterprise is providing transportation to employees. Employee declaration on their status, tracking of covid zones, restrictions on reservations for Covid infected or affected employees, and social distancing to be handled. Information collection, tracking the status of employee/areas of travel, avoiding affected employee/affected area and ensuring social distancing along with keeping an auditable record of each of these aspects is required for an enterprise to discharge its obligations to various stakeholders.

Current System overview:

The current system has evolved over the last 18 months largely with pen and paper tracking. Few half-baked standalone systems have been implemented with no tight integration between various aspects of Covid compliance. There is huge lack of audit capability.

Diagram

Key Business/Systems requirements:

  1. Employee and driver self-declaration capture and audit capability.
  2. Tracking of Covid affected areas/zones.
  3. Restriction imposition on Covid affected employees’ travel requests.
  4. Route creation to avoid Covid affected areas and zones.
  5. Automatic social distancing norms enforcement on vehicles.
  6. Fully integrated with transport management solution of the enterprise.
  7. Audit log of all transactions.

Solution Considerations

  • Users have access to system via static as well as mobile device (via android and iOS apps).
  • Process flow in such a manner that the system blocks exposure before it happens.
  • Employee/driver is accountable for self-declaration.
  • Data privacy for individual users.

Implementation Approach:

Newt Global designed an add-on module to the existing transport management system in place on AWS infrastructure to bring the solution to a seamless solution stage and able to utilize a good number of existing data into the system.

Newt Global added a number of features to existing transport management solution. Employee and Driver apps, on android and iOS, are beefed up. At the logon, user gets screen for Covid self-declaration. The declaration is stored in database, consolidated report to management as well as audit trail. Depending on the employee status, employee can proceed with booking, else is provided message that user cannot proceed with trip booking as per declaration points configuration.

In the routing and allocation algorithm, the total capacity of the vehicle has been downgraded by adding a field for Covid vehicle capacity, ensuring, for example, an 8-seater vehicle carries only 3 employees to ensure a 6 ft. distance to meet social distancing norms.

Deployment Architecture

The newly developed add-in is deployed in AWS. The systems architecture is as under:

Diagram

AWS services used:

The AWS services used were: EBS, EC2, S3 and RDS -Aurora MySQL

Third-Party Services used:

The application used Java, Spring REST service, Spring Microservices, Tomcat, Oracle, Swagger, Maven, sl4j, Junit, Bootstrap, JIRA, Stash

Security considerations and implementation

In line with the expectations of the application owner within the enterprise and meeting the corporate security guidelines, the following best practices were implemented.
✓ VPC was adopted with NAT for enterprise access to EC2 instances
✓ All programming / API access to AWS was encrypted with TLS and user access was thru SSH.
✓ AMIs and deployment scripts were hardened as per business requirements
✓ Regular vulnerability scans were done
✓ IAM policies were baked with enterprise LDAP credentials.
✓ Data at rest was protected by using EBS and its native encryption

 

Business benefits of the migration:

  • Flexible, highly available, end to end process.
  • Achieved no noncompliance by placing checks and balances in the system functionality.
  • High security of data and hardware achieved.
  • Redundancy of data removed.
  • Cost optimization achieved by proper use of available vehicles.