Security. Built in.
Security is often a deciding factor in the success or failure of companies, and a single breach can result in an irrecoverable loss of public trust. As such, security is of the utmost importance at Formbay, and we strive constantly to protect our customers' data and our IP, both moving within our infrastructure and at rest. That is why we are a trusted industry partner of federal government departments and large corporate enterprises.
This document provides a high-level overview of some of the key security terms and domains which we use to protect the security of our customers' data, our data and our own IP and reputation.
Secure, redundant, state-of-the-art cloud infrastructure
Formbay applications and data are hosted on AWS, a secure, redundant, state-of-the-art cloud infrastructure located at geographically distributed locations within Australia, in Sydney-based instances.
Hosting locations are carefully selected to mitigate environmental risks, such as flooding, extreme weather, and seismic activity.
Every server in each Formbay data centre is protected with a constantly updated, industry-leading firewall.
Our cloud service providers hold industry certifications that include SOC1 Type II, SOC2 Type II, ISO27001:2013, Cloud Security Alliance STAR, among others.
High data availability & easy backup and recovery
Our data is stored on Amazon S3, a highly durable storage infrastructure designed for mission-critical and primary
Objects are redundantly stored on multiple devices across multiple facilities in an
This is designed to provide 99.99% durability and 99.99% availability of objects over a given year.
Our core applications are deployed to an N+1 UPS standard, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Proactive intrusion monitoring and prevention
Formbay implements network and ISP grade firewalls to provide IP filtering and intrusion detection protection.
All activity on the platform level is tracked and securely recorded using AWS CloudTrail audit logging. This gives us
We use AWS CloudFront, which comes with the AWS DDoS protection service AWS Shield, giving us the ability to block attackers based on geographic source.
AWS Shield provides always-on detection and automatic inline mitigations that minimise application downtime and latency.
Segmented application architecture & controlled access
Access to system credentials is regulated and controlled by Identity and Access Management (IAM) policies. These policies use granular permissions to allow each application access to the specific credentials it needs to perform its tasks.
The platform providing our encryption service is both highly available and durable. No one, including Formbay staff or AWS employees, can retrieve the plaintext encryption keys from the KMS service.
All Formbay customer data and metadata is encrypted at rest using an industry-standard AES-256 encryption algorithm. Encryption and decryption work in the background with minimal latency, and are transparent to users, applications, and
All server file systems, object stores and databases are encrypted in this way. System credentials and configuration data are securely separated from the code using the AWS SSM Parameter Store. Encryption keys are managed securely using the AWS Key Management Service (KMS). The KMS is a secure and resilient service that uses FIPS 140-2 validated hardware security modules to protect the keys.
Inside the Formbay application we maintain audit records with AWS CloudTrail to provide secure auditable logs of who used which keys, on which resources, and when.
Regular third-party audits & penetration tests
Formbay submits to regular third-party audits of our customer data handling, processing and storage systems. These help to ensure we exceed all statutory and regulatory requirements for our data handling and quality management systems.
We also engage in regular third-party penetration testing of our infrastructure and applications. These help us to proactively determine weaknesses in our IT systems and in our people and processes in order to constantly improve our security.
Internal Network & building security
Formbay uses a third-party cyber security expert to secure all office hardware, including our office firewalls and malware detection on laptops and servers. Formbay offices are secured with 24/7 security cameras, building security,
No unauthorised personnel are allowed entry into our offices, with all staff issued security tags to gain entry.
Security is everyone's responsibility
We practice the principle of least privilege (POLP), which limits access rights for users to the bare minimum permissions they need to perform their work. We also believe "Security is everyone's responsibility" and not just the function of
Staff are provided training in secure operations and educated on our Security Policy.
ISO Quality Certification
Formbay holds ISO 9001
We are currently working towards ISO 27001 (Information security) certification.
256-bit SSL/TLS secured between application