Software and Data Security

Secure, reliable, mission critical standards

Our operations team are laser-focused on the security and reliability of your software and its data

Resilient design

Location

Our order management software for wholesalers is hosted by our partners whose data centers are located in ‘Availability zones’ which are independent and physically separated from one another.

Each Data center location is carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity.

Guaranteed Capacity

Our team continuously monitors the usage of our software to anticipate demand and make sure the right amount of capacity is available at the right time.

Redundancy

To maintain service levels and tolerate network failure, intelligent, self healing automation can direct user network traffic to other sites with sufficient capacity.

The hosting solution for our software solution uses groups of high-performance, network attached storage devices.

Inside each storage device, drives are mirrored to each other in a RAID configuration to create the first level of redundancy.

And, as a final precautionary measure, all data on the system is automatically backed up on a repeating schedule.

Performance

Each Salesorder order management system is a unique instance of all of the software components required to run the customer’s application independently i.e. database, business logic, and web client.

Where appropriate we use Docker containers, to minimize the impact of resource-hungry instances with high throughput on other customer instances.

Availability

To make our order management software for wholesalers highly resilient, critical system components and data are backed up across multiple Availability Zones.

In the event of an outage, data replication can eliminate service interruption or in the case of extreme failure, accelerate recovery.

Power

Electrical power systems are fully redundant and maintainable without impact to operations, 24 hours a day.

Back-up power supplies ensure power is available to maintain operations in the event of an electrical failure for critical and essential loads in the facility.

Climate and temperature

Climate controls maintain a safe operating temperature for servers and other hardware to prevent overheating and reduce the possibility of service outages.

Personnel and systems monitor and control temperature and humidity at appropriate levels.

Fire detection and suppression

Data centers are equipped with automatic fire detection and suppression equipment.

Leakage detection

If water is detected, mechanisms are in place to remove water in order to prevent any additional water damage

Data security

Connection

The connection between your browser and your order management software is protected by 128 SSL encryption.

Each customer has their own ‘instance’ or copy of our app, which means you are not sharing software with other businesses.

As well as the standard username and password, we provide two extra levels of security, a unique account number and a company-wide security code which you can configure to add your own extra security.

Backup

Our systems continually back up your data. We take a complete image backup of our entire server infrastructure every day.

Regulatory

Making sure you have a positive experience with our team, content and software is very important to us.

Because we operate a mission critical service our customers rely on us to protect their order management system and data.

Therefore having in place and enforcing the right level of legal protection is both an obligation and an expectation.

To review how we adhere to regulatory data protection requirements, specifically GDPR click here

Media asset destruction

Media storage devices used to store customer data are classified by us as Critical and treated accordingly.

Our hosting partner has standards on how to install, service, and eventually destroy the devices when they are no longer useful.

When a storage device has reached the end of its useful life, our hosting partner decommissions media using techniques detailed in NIST 800-88.

Media that stored customer data is not removed from our hosting partner’s control until it has been securely decommissioned.

Business continuity plan

Detailed steps about what to do before, during, and after any event that could impact our service are documented and practiced by our teams.

On request, we can provide tri-party escrow agreements to mitigate extreme risks such as failure of our business.

Pandemic response

We track alerts and news from health agencies. Pandemic response policies and procedures are now incorporated into our business continuity plans.

Because of our geographical footprint, we are able to transfer critical processes out of affected regions.

Physical access tracking, and intrusion detection

Our hosting partners carefully regulate access to data centers. Physical access is checked by security staff. Access is permitted only if there is a justified reason.

Access requests and visits are tracked and logged via CCTV and secure access instrumentation. Data center staff wear multi-factor identification which regulates where they have physical access.

Alarms on data center access points sound if unauthorized staff try to enter, or doors are forced or held open. Security staff track and respond to events where appropriate.