Service Security

Our hosting and service delivery infrastructure ensures the highest level of security and security practises. This is supported by a world-class network, data, and physical security environment. Monitoring of the cloud security is an ongoing process, and we continuously evaluate and reinforce our security policy and practices as we are ISO27001 certified. Our certification is against the standard controls for ISO27001 and we are independently audited on a schedule of; 6 Monthly, Annually and recertified every 3 years.

Here are just some of the security precautions we take:

1 Secure Sockets Layer - SSL
2 Firewalls & Network Security
3 Operating Security / User Access
4 User Passwords
5 Third party audits and inspections
6 Third Party Access
7 Information Security
8 Data Protection
9 Data Backup
10 Physical Security
11 Application Security

Secure Sockets Layer - SSL

Our servers have SSL Certificates, 2048bit AES encryption SHA256bit, TLS 1.2, signed by industry leading providers. All data transferred between the users and the service is with state-of-the-art encryption.

Firewalls & Network Security

External access to our servers is controlled by multiple layers of firewalls, intrusion prevention systems and routers, which are configured and monitored according to industry best practices. The infrastructure is SSAE16 certified. As each environment is designed for customer isolation, the FastTrack360 cloud environment is within its own network with appropriate DMZ and VLAN configurations.

Operating Security / User Access

The FastTrack360 platform goes through rigorous stages of testing and validation on all security measures and updates. Strict guidelines are in place to ensure all testing is done in a replicated environment before touching the FastTrack360 production environment. Strict access controls and processes are in place ensuring that only authorised users with approval can gain access to the environment. Rest assured, no unauthorised user has access to your FastTrack360 environment.

User Passwords

Users must choose a strong password and automatic lockouts are enforced when incorrect passwords are entered repeatedly.

Third party audits and inspections

FastTrack360 security is reviewed and audited on a regular basis. This includes static, dynamic and penetration testing on the infrastructure and software. Application penetration testing is undertaken with each major enhancement release which is commonly once- twice per year.

Third Party Access

We partner with the best vendors, RockSolid – DBA services to ensure everything is performing as expected. FastTrack has defined security policies and access controls with these vendors accessing the platform. At no stage will any third party access your FastTrack360 data.

Information Security

Client data is stored in individual SQL databases, with domain security ensuring only the client has access to their database. The database is not encrypted while active or at rest. Databases are replicated to other SQL Servers in the environment by using SQL Always-On.

Access to data is via SSL, protected with a 2048bit AES encryption SHA256bit, TLS 1.2 certificate.

Physical access to the data is not possible for anyone who is not authorised.

All data is retained whilst the customer has a current contract. If the client ceases their contract, the terms within their LSA defines how that data is retrieved and disposed of.

Data Protection

Each clients FastTrack360 environment’s data is hosted in independent databases and documents are stored in a secured and encrypted cloud storage. The data within the databases is not encrypted but the database files are hosed on Encrypted disks.

Data Backup

FastTrack retains multiple copies of all our clients’ data in multiple locations and in different geographic regions (AWS Availability Zone) for near real time data protection. Each geographic region utilised remains within the same country to comply with data sovereignty laws governed by that region i.e. Australia.
All client data is backed up at multiple intervals and stored offsite (electronically moved) into another geographic region on a nightly basis. Offsite backups are AES 256bit encrypted on transmission and at rest, stored for 30 days.

Physical Security

Our servers are located within top-tier co-location facilities in APAC - Sydney Australia and EU - London Unitied Kingdom. The datacentre locations meet the Uptime Institute Tier III standards. The datacentre location for FastTrack360 has the following accreditations; Tier III Uptime Institute standards, ISO27001 and many more. For further information please visit the following sites:

Compliance: https://aws.amazon.com/compliance/.
Security: https://aws.amazon.com/security/

Application Security

The FastTrack360 application has an inbuilt security model to control access to the applications, which provides the following functionality:

Types of Users: The system supports multiple types of users within the security model:
- Agency – An internal user with a full list of features that may be accessed based on assigned role/s.
- Candidate – A candidate user that may access candidate specific functionality based on assigned role/s
- Client– A client user that may access client specific functionality based on assigned role/s
- Integration – An API user that can be granted specific API access to allow eternal solutions to consume FastTrack360 APIs.
- Connect – An integration user that can access the FastTrack360|Connect widget (i.e. Pay/Bill widget) from within a 3^rd party system integration.
User Role Management - the ability to define unlimited number of user roles where the user can assign permissions to granular features within the application. This includes View, Add, Edit, and Full Control. A user may be assigned multiple roles as long as the permissions don’t clash between roles.
Data Group – the ability to segment the databases based on the system hierarchy so you limit a user access to specific data. I.e. a user can only access record in Melbourne Australia. A user may be assigned multiple data groups.
Password Management:
- Strength Management
- Length Management
- Days Before Password Expiry
- Number of login attempt lockouts
- Forgotten Password –The system provides functionality for a user to reset their password should they forget it. The user will be emailed a system generated password to log into the solution where they may reset to their own password.

It is the clients responsibility to set and manage the FastTrack360 security policies and user access.