FastTrack360 Version 12 Online Help
Service Security
Our hosting and service delivery infrastructure ensures the highest level of security and security practices. This is supported by a world-class network, data, and physical security environment. Monitoring of cloud security is an ongoing process, and we continuously evaluate and reinforce our security policy and practices as we are ISO27001 certified. Our certification is against the standard controls for ISO27001, and we are independently audited on a 6-monthly and annual schedule and recertified every 3 years.
Here are just some of the security precautions we take:
Secure Sockets Layer - SSL
Our servers have SSL Certificates, 2048bit AES encryption SHA256bit, TLS 1.2, signed by industry-leading providers. All data transferred between users and the service is protected with state-of-the-art encryption.
Firewalls & Network Security
External access to our servers is controlled by multiple layers of firewalls, intrusion prevention systems and routers, which are configured and monitored according to industry best practices. The infrastructure is SSAE16 certified. As each environment is designed for customer isolation, the FastTrack360 cloud environment is within its own network with appropriate DMZ and VLAN configurations.
Operating Security / User Access
The FastTrack360 platform goes through rigorous stages of testing and validation on all security measures and updates. Strict guidelines are in place to ensure all testing is done in a replicated environment before touching the FastTrack360 production environment. Strict access controls and processes are in place, ensuring that only authorised users with approval can gain access to the environment. Rest assured, no unauthorised user has access to your FastTrack360 environment.
User Passwords
Users must choose a strong password and automatic lockouts are enforced when incorrect passwords are entered repeatedly.
Third party audits and inspections
FastTrack360 security is reviewed and audited on a regular basis. This includes static, dynamic and penetration testing on the infrastructure and software. Application penetration testing is undertaken with each major enhancement release, which is commonly once or twice per year.
Third Party Access
We partner with the best vendors (RockSolid – DBA services) to ensure everything is performing as expected. FastTrack has defined security policies and access controls for these vendors accessing the platform. At no stage will any third party access your FastTrack360 data.
Information Security
Client data is stored in individual SQL databases, with domain security ensuring only the client has access to their database. The database is not encrypted while active or at rest. Databases are replicated to other SQL Servers in the environment by using SQL Always-On.
Access to data is via SSL, protected with a 2048bit AES encryption SHA256bit, TLS 1.2 certificate.
Physical access to the data is not possible for anyone who is not authorised.
All data is retained whilst the customer has a current contract. If the client ceases their contract, the terms within their LSA define how that data is retrieved and disposed of.
Data Protection
Each client's FastTrack360 environment data is hosted in independent databases, and documents are stored in secured and encrypted cloud storage. The data within the databases is not encrypted, but the database files are hosted on encrypted disks.
Data Backup
FastTrack retains multiple copies of all our clients’ data in multiple locations and in different geographic regions (AWS Availability Zone) for near real time data protection. Each geographic region utilised remains within the same country to comply with data sovereignty laws governed by that region i.e. Australia.
All client data is backed up at multiple intervals and stored offsite (electronically moved) into another geographic region on a nightly basis. Offsite backups are AES 256bit encrypted on transmission and at rest, stored for 30 days.
Physical Security
Our servers are located within top-tier co-location facilities in APAC - Sydney, Australia and EU - London, United Kingdom. The datacentre locations meet the Uptime Institute Tier III standards. The datacentre location for FastTrack360 has the following accreditations: Tier III Uptime Institute standards, ISO27001 and many more. For further information please visit the following sites:
Compliance: https://aws.amazon.com/compliance/
Security: https://aws.amazon.com/security/
Application Security
The FastTrack360 application has an inbuilt security model to control access to the applications, which provides the following functionality:
Types of Users: The system supports multiple types of users within the security model:
Agency – An internal user with a full list of features that may be accessed based on assigned role/s.
Candidate – A candidate user that may access candidate-specific functionality based on assigned role/s.
Client – A client user that may access client-specific functionality based on assigned role/s.
Integration – An API user that can be granted specific API access to allow external solutions to consume FastTrack360 APIs.
Connect – An integration user that can access the FastTrack360|Connect widget (i.e. Pay/Bill widget) from within a 3rd party system integration.
User Role Management – the ability to define an unlimited number of user roles where the user can assign permissions to granular features within the application. This includes View, Add, Edit, and Full Control. A user may be assigned multiple roles as long as the permissions don’t clash between roles.
Data Group – the ability to segment the databases based on the system hierarchy so you can limit a user's access to specific data, e.g. a user can only access records in Melbourne, Australia. A user may be assigned multiple data groups.
Password Management:
Strength Management
Length Management
Days Before Password Expiry
Number of login attempt lockouts
Forgotten Password – The system provides functionality for a user to reset their password should they forget it. The user will be emailed a system-generated password to log into the solution, where they may reset it to their own password.
It is the client's responsibility to set and manage the FastTrack360 security policies and user access.
Classification-Public