HRA Cloud and FCB Technology maintain the best practice expectations for security and disaster recovery.
HRA Cloud is a hosted software-as-a-service (SaaS) application. FCB Technology is responsible for all aspects of management of the IT platform.
The primary servers (hardware and equipment) are located at the Equinix Sy3 facility in Mascot, NSW. The servers and network are managed by a leading Australian enterprise cloud infrastructure provider. Physical security is provided by the data centre vendor. Physical inspections of the facility and its practices are available by appointment with Equinix.
The disaster recovery servers (hardware and equipment) are located at the Global Switch data centre near Sydney. These is a cold copy (switched off). The servers and network are managed by a leading Australian cloud infrastructure provider. Physical security is provided by the data centre vendor.
All equipment, data and backups are located in Australia. All of our employees and contractors are located in Australia or New Zealand.
Replication to the disaster recovery servers uses Continuous Data Protection by R1Soft – real time continuous snapshots of all virtual machines from the primary site to the disaster recovery site. This ensures the disaster recovery site is kept up to date within seconds.
Off-site backups are performed at least four times per day to a facility in North Sydney. We maintain a rolling-backup system covering several months. Offsite backups are encrypted.
All synchronisation and backups are automated and monitored with alerts. In the event of a catastrophic failure, the switch-over from primary to DR is manually triggered by a person in accordance with an escalation process. This involves powering up the disaster recovery site and associated time to recover.
All access to the HRA Cloud website is encrypted.
We use enterprise-grade operating systems and web servers. We use role and permission based security and offer password policies.
Access to key information (eg. records and documents) is audited. No data is permanently deleted in current accounts. An audit trail is maintained for deleted documents and records.
For large enterprise accounts single sign-on, data-at-rest encryption and offsite-data replication options are available.