Where are your cloud servers and systems physically located?
|
- AWS (Sydney, as the default shared service location)
|
Do you replicate any of our data or backup content overseas?
|
- No (as the default shared service)
|
What do you do to ensure our data is isolated from other clients?
|
- Our core cloud platform is multi-tenanted and has been since its original release in 2000.
- We use extensive layering to ensure UI code has no impact on the tenancy of data.
- Our data-store system only releases data to the compute/api services as consumed by the UI code in the context of a tenancy (data-space).
|
Do you perform daily backups, and are they stored at an offsite location?
|
- We use real-time data-store duplication.
- Full backups and test restores are conducted daily using core AWS RDS functionality.
|
Does your business keep up to date with security vulnerabilities in your systems and software, and apply patches promptly when applicable?
|
- Yes, as part of our ISO27001/17 externally certified Information Security Management System (ISMS), we apply all patches: https://docs.entityos.cloud/protect
- We also use AWS firewall as front-line protection against some threat vectors.
|
Do you store documents with sensitive or client information? Are these platforms/applications protected by 2-factor/multifactor authentication?
|
- All user authentication can be protected using TOTP/MFA authentication.
|
Are emails containing sensitive/client information encrypted?
|
- All data stored is encrypted at rest as part of the service.
- Clients (apps) can also use our Cryptography services to encrypt stored data using their own keys.
|
Does your business have measures in place to monitor and record any security events on your systems and networks? (i.e. attempted unauthorised access, or other strange behavior)
|
- Yes, we monitor activity as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|
Do staff in your business understand the process to follow to report a cyber security, privacy and/or data breach?
|
- Yes, all staff are trained as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|
Do you have a privacy and data breach response plan in place?
|
- Yes, as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|
Do you currently conduct cyber awareness training for all staff in your business?
|
- Yes, as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|
Can your business respond to a security incident effectively?
|
- Yes, we have systems built to respond to incidents as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|
Do you have a formal process for reviewing user access management for your key systems, servers and data - including client data?
|
- Yes, we have periodic access reviews as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
|