PROTECTION & SECURITY
ibCom mydigitalstructure is a highly secure, enterprise-grade, fully hosted platform. It runs on Amazon Web Services, a world-class infrastructure provider. ibCom's information security compliance depends in part on the inherent compliance encapsulated within Amazon Web Services.
Before reading about ibCom's information security compliance, we recommend reading:
View our ISO 27001 & ISO 27017 certificates.
AWS is compliant with the following standards: HIPAA, SOC 1/SSAE 16/ISAE 3402 (formerly SAS70), SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, ISO 27017, ISO 27018, FedRAMP(SM), DIACAP and FISMA, ITAR, FIPS 140-2, CSA, MPAA.
It covers the following areas of compliance:
- Supplier employees
- Access management
- External media
- Environmental security
- Network security
IBCOM PLATFORM COMPLIANCE
The next layer in proving compliance is the application platform compliance, covering:
- Data validation - in terms of typing and general rules.
- Error handling
- Session management
We are constantly evaluating the ibCom platform service against industry best standards.
Deployment and maintenance are covered by the 3rd party providers who build their apps on top of the ibCom platform.
ibCom employee access
The ibCom platform is run by "machines" within the AWS service, with very little human access; only a few long-term, highly qualified employees have access.
Being employed by ibCom does not inherently give an employee access.
If an employee who has been employed by ibCom for less than one (1) year requires operational access, then they must have at least one year's experience with an equivalent well-proven provider similar to ibCom.
All employees are bound by confidentiality / non-disclosure agreements.
ibCom mydigitalstructure is a fixed application platform developed over the last thirteen plus (13+) years and is now at a point in its lifecycle where it does not change. All application changes occur by 3rd parties in the isolated "user mode" operating on top of the platform.
ibCom runs a real-time duplicate service in "warm mode".
The warm service is constantly being tested for "ready-to-run" status.
2048/256 SSL, with DH cipher for perfect forward secrecy.
Second-factor authentication is available. Single sign-on is a function of the "user mode" application layer and is thus handled by the app provider.
All of the 700+ platform methods can be functionally controlled for:
Data-based restrictions are also available.
ibCom offers a number of ways for reporting issues, including a reward for reporting.
Any issue that is applicable to more than one user (tenant) will be reported to all users (tenants) of the platform.
ibCom will fix any reported issue within 24 hours (maximum).
ibCom is constantly updating its ISMS in relation to ibCom's plan-do-check-act framework, in conjunction with measuring and evaluating.
Within both the multi-tenanted and "isolated" modes all data is clearly segmented and can be cleansed by the owner of the data as-and-when they wish, using the standard platform API methods (functions).
Within both the multi-tenanted and "isolated" modes all data can be backed up by the owner of the data as-and-when they wish, using the standard platform API methods (functions).
Data geographical location
The ibCom platform is hosted at the AWS Sydney location.
Data can only be accessed by users that the owner of the data has granted access to.
The owner of the data can remove access by users at any time they wish, using standard platform API methods (functions).
Data is constantly being backed up and restored.
Space-based at-rest data encryption is available with an "Isolated Data Space".
All logging is in the context of a tenant space and the specific user that initiated the action.
All operating systems are constantly updated for critical security fixes.
Systems are constantly being tested for vulnerabilities using an OWASP-based framework. If a user wishes to conduct their own penetration testing, they need to contact ibCom to make arrangements.
ibCom uses a number of standard AWS functions to dynamically scale to meet demand.
ibCom's ISO/IEC 27001 Statement of Applicability
EU GDPR COMPLIANCE
The EU General Data Protection Regulation (GDPR) supersedes all member states’ data protection laws. The new Regulation expands the rights of natural persons, giving individuals more control over how their information is collected and processed, while putting pressure on organisations that process EU residents’ personal data to tighten their data protection processes.
In a broad sense, ibCom at its core is about keeping data private, and it complies with personal data privacy requirements as per control 18.1.4 of the ISO 27001/17 standard.
AWS Processing Data Addendum
The reviews are triggered by either a predefined schedule or ad-hoc business/system change management scenarios (change management types include: employee, team, business process, systems, technology, enhancements, upgrades, partnerships, vendor agreements).
The information security review, audit and policy adjustment process covers: initiation of review/audit, audit checklist, audit and policy review, management approval, implementation, policy modification, redistribution, communication and training as required.
ISMS Audit (Internal): 6 monthly (minimum)
ISMS Policy Reference
- Information security policy
- ISMS policy reference
- Internal training matrix
- Risk assessment reports/analysis/treatment (control)
- Internal audit report
- ISO/IEC 27001/17 Statement of Applicability
- Management Minutes (including the decision to commit to ISO 27001/17,