SupportAbility Privacy, Security and Availability Statement
Australia's privacy legislation, and the costs of complying with its system- and data-related elements, can be daunting for small to medium-sized organisations whose expertise lies in other areas.
SupportAbility, its products and its data centres comply with the relevant sections of the Australian Federal Privacy Act 1988 (including the March 2014 changes) around the collection, storage and distribution of private and health related information. These include the following Australian Privacy Principles (APP):
- APP 1.2: An entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity's functions or activities to ensure compliance with the APPs and to enable the entity to deal with inquiries or complaints about compliance with the APPs.
- APP 5: Where an entity collects personal information about an individual, the entity must take such steps as are reasonable in the circumstances to tell or otherwise ensure the individual is aware of certain matters.
- APP 8: Rules about disclosing personal information to an overseas recipient and exceptions to those rules.
- APP 10-12: Rules about protecting the integrity of personal information including its quality, security and allowing access and corrections.
We reduce your privacy compliance costs by handling these aspects for you.
In addition, ALL data is stored within Australia at ALL times and your SupportAbility installation, data and files are always kept separate from all other SupportAbility subscribers.
Most organisations operate within standard office buildings. They have reasonably low physical security measures in place.
SupportAbility is hosted in Australian-based Amazon Web Services data centres where security is comprehensively managed at each layer: perimeter, infrastructure, data and environment.
Most disability service provider organisations or their IT consultants do not have adequate experience or qualifications to manage the security considerations for geographically distributed organisations that share data between offices or to share data with support workers out in the field.
If your data is hosted within your offices, it provides would-be hackers with numerous opportunities to perform "man-in-the-middle attacks" where they can hijack your session and access your data.
At SupportAbility, data security is referred to as Job Zero. It is our first and primary concern that must be addressed as part of any service we deliver. All traffic and data between SupportAbility and your organisation's devices is encrypted using the best 256-bit encryption techniques available. It's the same encryption level used for online banking facilities. Only a restricted number of SupportAbility engineers have access to the hosting servers, and multi-factor authentication (MFA) is required to ensure security at all times.
All staff passwords are securely encrypted so that even our staff cannot access them. Password strength policies can also be configured by your organisation and enforced by SupportAbility.
Each Amazon Web Services data centre that we host SupportAbility from:
- has achieved ISO 27001 certification
- has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
- undergoes annual SOC 1 audits
- has been successfully evaluated at the Moderate level for Federal government systems
- has been successfully evaluated as DIACAP Level 2 for DoD systems
SupportAbility hosts your data across multiple servers in multiple Australian data centres. If a server fails for any reason, there will be no loss in service availability because the other servers will handle the requests. Even if a whole data centre were to be taken offline as a result of a natural disaster, the resources in the other data centres would handle the requests and there would be little-to-no loss of service availability.
We also keep 30 days of nightly backups of all your data.
Each Amazon Web Services data centre that we host SupportAbility from has:
- state of the art cooling to hold the temperature within 0.5 of a degree
- fire mitigation facilities
- flood mitigation facilities (our data centres are purposely located in non-flood regions)
- full surge protection
- full ISO 9001 compliance
In the event of power outages, battery backup is used to keep servers running whilst power is restored. Multiple backup power generators are available to supplement the power and contracts are in place with petrol tankers to deliver priority petrol to the generators until normal power is restored.
We release a new version of SupportAbility every 3-4 weeks. We upgrade your installation overnight with zero downtime and send you an email detailing all of the new features so that you can start taking advantage of them