SupportAbility Privacy, Security and Availability Statement
Australia's privacy legislation and the costs associated with complying with the system and data related elements can be daunting for small to medium-sized organisations whose expertise lies in other areas.
Envision Systems, its products and its data centres comply with the relevant sections of the Australian Federal Privacy Act 1988 (including the March 2014 changes) around the collection, storage and distribution of private and health related information. These include the following Australian Privacy Principles (APP):
- APP 1.2: An entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity's functions or activities to ensure compliance with the APPs and to enable the entity to deal with inquiries or complaints about compliance with the APPs.
- APP 5: Where an entity collects personal information about an individual, the entity must take such steps as are reasonable in the circumstances to tell or otherwise ensure the individual is aware of certain matters.
- APP 8: Rules about disclosing personal information to an overseas recipient and exceptions to those rules.
- APP 10-12: Rules about protecting the integrity of personal information including its quality, security and allowing access and corrections.
We reduce your privacy compliance costs by handling these aspects for you.
In addition, ALL data is stored within Australia at ALL times and your SupportAbility installation, data and files are always kept separate from all other SupportAbility subscribers.
Most organisations operate within standard office buildings. They have reasonably low physical security measures in place.
SupportAbility is hosted in Australian data centres that:
- Are manned by multiple security staff 24x7x365
- Have military data grade security which is why they host many of Australia's major banks such as
- Require retina and palm scans for all staff accessing the data facilities
Most disability service provider organisations or their IT consultants do not have adequate experience to manage security considerations for geographically distributed organisations sending data between offices and to support workers out in the field.
If your data is hosted within your offices, it provides would-be hackers with numerous opportunities to perform "man-in-the-middle attacks" where they can hijack your session and access your data.
The entire success of SupportAbility is driven by its emphasis on data security. All traffic and data between SupportAbility and your computers and mobile devices are encrypted using the best 256-bit encryption techniques available. It's the same encryption level used for online banking facilities. Only selected Envision Systems staff are able to access the servers and multi-factor authentication (MFA) is required to ensure security at all times.
All of your staff passwords are securely encrypted so that even our staff cannot access them.
Each of our data centres:
- has achieved ISO 27001 certification
- has been validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
- undergoes annual SOC 1 audits
- has been successfully evaluated at the Moderate level for Federal government systems
- has been successfully evaluated as DIACAP Level 2 for DoD systems
If you host your application server within your organisation, your chance of service outages is increased exponentially. You are essentially relying on a single server and a single internet connection. The power supply, network adapters, or hard disks might fail and it may take a week or more to order the parts and have them installed or rebuild the data from backups. This means that your service availability is poor.
SupportAbility hosts your data across multiple servers in multiple Australian data centres. If a server fails for any reason, there will be no loss in the service availability because the other servers will handle the requests. Even if a whole data centre was taken offline, the secondary data centre would still mean that you would notice no loss of service availability. If servers or data centres are offline, additional servers are automatically launched to manage the traffic. We also keep 30 days of nightly backups of all your data.
Placing servers within your organisation means that you have to purchase or lease the hardware. You also need to pay someone to maintain and upgrade the hardware on a regular basis. This process also often causes downtime which negatively affects the availability of the application. Then after 3-4 years, you need to replace the server and go through the process again. Purchasing hardware also means that the costs cannot be fully depreciated in the first year which means you are paying the money up front which affects your cash flow, but you do not receive the full fiscal benefit for 3 years.
Organisation buildings were never designed to be data centres. They often have a room that they call the "server room" but they are usually vastly inadequate for the task at hand.
SupportAbility data centres have:
- state of the art cooling to hold the temperature within 0.5 of a degree
- fire mitigation facilities
- flood mitigation facilities (our data centres are purposely located in non-flood regions)
- full surge protection
- full ISO 9001 compliance
In the event of power outages, battery backup is used to keep servers running whilst power is restored. Multiple backup power generators are available to supplement the power and contracts are in place with petrol tankers to deliver priority petrol to the generators until normal power is restored.
Installing applications on servers within your office means that you need to pay someone to maintain and upgrade the software on a regular basis. This process also often causes downtime which negatively affects the availability of the application.
We release 3-4 major SupportAbility upgrades a year. We upgrade your installation overnight with zero downtime and send you an email detailing all of the new features so that you can start taking advantage of them.
If at any stage, you decide to cancel your SupportAbility subscription, within 15 working days, we will:
- provide all your data to you (in CSV format)
- provide all of your uploaded documents to you
- permanently delete all copies of your data and documents