A. The Audit Assistant platform is:
- Hosted in Sydney, Australia, with cloud hosting specialists.
- This service provides a point-in-time restore, in case of accidental or malicious loss of data.
- Databases are point-in-time enabled, with to the minute backups in addition to nightly snapshot backups should accidental or malicious loss of data occur.
- Firewalls enabled on all servers.
- Operating Systems are proactively patched with available security updates where applicable.
- Language and Framework security updates and patches are routinely carried out.
- Zero-day vulnerabilities are identified. Where applicable mitigations or workarounds are applied while awaiting official patches from vendors.
- Files uploaded by individuals are not monitored or scanned for malicious content as they are stored and encrypted end-to-end.
- Files are not executed on AA servers, and therefore not at risk of infecting the service at whole.
- Files stored are at the responsibility of the end-user and the account holder.
- The AA development process includes both automated and manual testing within our update cycle to mitigate and identify potential adverse effects of new developments, including monthly penetration testing.
- Data in transit is protected by encryption to minimise the possibility of access by unauthorised parties.
- Users may log on to their work wherever there is internet access, with enforced multi-factor authentication and strong passwords.
- Multiple staff in any number of locations may work on any part of the audit workbook concurrently.
- Partners or managers may review work remotely, for example from overseas, in airports, or in cafes via Laptop, Smartphone or Tablet.
- Three layers of backups in primary hosting providers in Sydney, Australia.
- Databases are point-in-time enabled, with to the minute backups in addition to nightly snapshot backups should accidental or malicious loss of data occur.
- When testing the backup restore process, restore has typically taken 2-4 hours depending on the scenario we have practiced.
- In addition, full daily backups of the databases plus job snapshots and encrypted attachments are stored with a different data storage provider also in Sydney, Australia.
- The backup of the whole database is automated using a 'snapshot' system enabling users to revert to prior versions of the job in case of accidental data deletion by a user.
- Snapshots are made at critical points as users are working on a job, say before deleting pages or rolling jobs over.
- As an integral component of our disaster preparedness and contingency planning, AA conducts daily backups of the primary database outside of the primary hosting ecosystem.
- These backups are securely stored in Hamilton, New Zealand, ensuring data resilience in the event of a catastrophic failure within the Sydney, Australia region.
AA is currently working with an IT audit company to complete a Service Organisation Control Type 2 (SOC2) report.