A. The Audit Assistant platform is:
- Hosted in Sydney, Australia, with cloud hosting specialists.
- This service provides a point-in-time restore, in case of accidental or malicious loss of data.
- Databases are point-in-time enabled, with to the minute backups in addition to nightly snapshot backups should accidental or malicious loss of data occur.
- Firewalls enabled on all servers.
- Operating Systems are proactively patched with available security updates where applicable.
- Language and Framework security updates and patches are routinely carried out.
- Zero-day vulnerabilities are identified. Where applicable mitigations or workarounds are applied while awaiting official patches from vendors.
- Files uploaded by individuals are not monitored or scanned for malicious content as they are stored and encrypted end-to-end.
- Files are not executed on AA servers, and therefore not at risk of infecting the service at whole.
- Files stored are at the responsibility of the end-user and the account holder.
- The AA development process includes both automated and manual testing within our update cycle to mitigate and identify potential adverse effects of new developments, including monthly penetration testing.
- Data in transit is protected by encryption to minimise the possibility of access by unauthorised parties.
- Users may log on to their work wherever there is internet access, with enforced multi-factor authentication and strong passwords.
- Multiple staff in any number of locations may work on any part of the audit workbook concurrently.
- Partners or managers may review work remotely, for example from overseas, in airports, or in cafes via Laptop, Smartphone or Tablet.
- Three layers of backups in primary hosting providers in Sydney, Australia.
- Databases are point-in-time enabled, with to the minute backups in addition to nightly snapshot backups should accidental or malicious loss of data occur.
- When testing the backup restore process, restore has typically taken 2-4 hours depending on the scenario we have practiced.
- In addition, full daily backups of the databases plus job snapshots and encrypted attachments are stored with a different data storage provider also in Sydney, Australia.
- The backup of the whole database is automated using a 'snapshot' system enabling users to revert to prior versions of the job in case of accidental data deletion by a user.
- Snapshots are made at critical points as users are working on a job, say before deleting pages or rolling jobs over.
- As an integral component of our disaster preparedness and contingency planning, AA conducts daily backups of the primary database outside of the primary hosting ecosystem.
- These backups are securely stored in Hamilton, New Zealand, ensuring data resilience in the event of a catastrophic failure within the Sydney, Australia region.
SOC2 Type 1 Report
We have recently had a controls audit completed for our system (15 July 2025). Our SOC 2 report is only available to existing and prospective customers and business partners; and only for the limited purposes of meeting compliance obligations and for evaluating controls relating to Security, Availability and Confidentiality Trust Principles. We do not permit or provide the report for any other purposes. Contact us to receive a copy.