PROTECTION & SECURITY
FAQs


The following is a list of frequently asked questions in regards to our approach to protecting your organisation's information.

ibCom has an Information Security Management System (ISMS) which covers managing the confidentiality, integrity, availability of information managed on its entityos.cloud service.

The ibCom ISMS is complaint with ISO27001/17 and externally audited/certified.

Executive Summary

Where are your cloud servers and systems physically located?


  • AWS (Sydney, as the default shared service location)
Do you replicate any of our data or backup content overseas?
  • No (as the default shared service)
What do you do to ensure our data is isolated from other clients?
  • Our core cloud platform is multi-tenanted and has been since it's original release in 2000.
  • We use extensive layering to ensure UI code has no impact on the tenancy of data.
  • Our data-store system only releases data to the compute/api services as consumed by the UI code in the context of a tenancy (data-space).
Do you perform daily backups and stored at an offsite location?
  • We use realtime data-store duplication
  • Full back up and test-restores are conducted daily using core AWS RDS functionality.
Does your business keep up to date with security vulnerabilities in your systems and software, and apply patches promptly when applicable?
  • Yes, as part of ISO27001/17 externally certified Information Security Management System (ISMS) we apply all patches. https://docs.entityos.cloud/protect.
  • We also use AWS firewall as front-line protection against some threat vectors.
Do you store documents with sensitive or client information, are these platforms/applications protected by 2 factor/multifactor authentication?
  • All user authentication can be protected using TOTP/MFA authentication.
Are emails containing sensitive/client information encrypted?
  • All data stored is encrypted at rest as part of the service.
  • Clients (apps) can also use our Cryptography services to encrypt stored data using their own keys.
Does your business have measures in place to monitor and record any security events on your systems and networks? (i.e. attempted unauthorised access, or other strange behavior)
  • Yes, we monitor activity as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
Do staff in your business understand the process to follow to report a cyber or security and/or Privacy, Data breach?
  • Yes, all staff are trained as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
Do you have a privacy and data breach response plan in place?
  • Yes, as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
Do you currently conduct cyber awareness training for all staff in your business?
  • Yes, as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
 
Can your business respond to a security incident effectively?
  • Yes, we have systems built to respond to incidents as part of our ISO27001/17 externally certified Information Security Management System (ISMS).
Do you have a formal process for reviewing user access management for your key systems, servers and data - including client data?
  • Yes, we have periodic access reviews as part of ourISO27001/17 externally certified Information Security Management System (ISMS).
SOME SPECIFICS
Data Location
  • ibCom manages its infrastructure services using Amazon Web Services exclusively.

  • All data is hosted within Australia by default.
Continuity
  • Continuity services are built into entityos.cloud.  You can use these services as part of your organisations business continuity plan.

  • All user actions that change the state of your data are logged with in your space - this log data is available via standard entityos.cloud methods - technical details @
    docs.entityos.cloud/gettingstarted_continuity
Access To Your Data
  • Access to all user data and related infrastructure services is as per our ISO27001 externally certified Information Security Management System.

  • Access is limited to long-term employees.

  • User access is via named user accounts with MFA-TOTP authentication using AWS IAM.

  • All access is logged and monitored.
 
BP-ISO27001-17-Small.png
Executive Summary
Protection & Security
ISMS
Biological Risks
Testing
Continuity
ISO27001/17 Certification
ISO 27001/17 Statement of Applicability

 

 

Help!