JMS Data Security & FAQs

This document aims to provide information for client FAQs.
IONYX will provide further information to satisfy any company IT Cloud Security assessment questionnaires on request.

Hosting:

The JMS platform is hosted on secure servers located in Australia, which have high levels of security protocols, redundancy and multi-location support through Amazon Web Services (AWS). The AWS network has proven to be extremely reliable and secure in delivering high capability web solutions. JMS benefits from a data centre and network architecture built to meet the requirements of the most security-sensitive organisations.

Encryption:

All documents, resources and archived records are encrypted in storage.
The JMS platform enforces SSL connections for all data transfer.
Our database servers are secured through firewalls and accessible only from the internal IONYX network with no external access possible. Access to the cloud network is via private key files only.
The IONYX office is in a security-controlled building with no after-hours access permitted without security card access.

Authentication:

Users are granted permissions based on their roles and authenticate with a username and password over SSL.
The client company administrator has full control over access permission levels and current user status. The client company admin can control device access to the JMS platform, and devices can be blocked in the event of a lost or stolen device.
Multiple failed login attempts on a user account restrict full access to the JMS system, and company policies such as a mandatory password change every X months are enabled at a client level.

Business continuity and disaster recovery:

The IONYX infrastructure has 24-hour monitoring to alert on any service issues. Depending on the nature of the issue, servers can be replaced on demand or moved to alternate locations.

Backup:

Databases are deployed in a replicated environment, so at any time multiple servers store all live data. Backups occur daily.
All assets are backed up in the same location and an alternate location.

Redundancy:

The IONYX system runs in a load balanced environment for high availability, so additional resources can be added based on demand or failure.
Databases are deployed in a replicated environment, so multiple servers store all live data.
The entire system can be re-created in an alternate location.
Learn more about AWS’s global infrastructure here: https://aws.amazon.com/about-aws/global-infrastructure/?nc2=h_l2_cc

Penetration testing:

Internal application testing and remote intrusion testing are run against our systems.
Third-party penetration testing has been conducted on our platform by www.kjr.com.au and is incorporated into our development roadmap for new releases and functionality on the JMS platform.

Security controls:

The IONYX infrastructure is designed with best practices for security and access restriction, including the following controls:

  • timely application of security patches;
  • regularly updated antivirus software;
  • hardened operating systems;
  • intrusion detection and prevention systems; and
  • data loss prevention mechanisms.

Physical security measures:

The service is hosted with AWS and takes advantage of all their security measures, including the following measures:

  • adequate physical access controls;
  • visitors require escorts;
  • server racks are locked;
  • UPS and generator protection; and
  • appropriate cable management.

More information on the physical security measures is available here: https://aws.amazon.com/security/

Server access attempts and changes:

Infrastructure access is controlled by the IONYX development team through AWS Identity and Access Management policies & access keys. All access is tracked, logged, date stamped and reviewed regularly.

Security incident response:

IONYX has internal documentation available to our technical team to handle server and security issues. This documentation is only available to authorised IONYX staff. In response to any incident, we will determine the exposure of the information and the source of the security problem (if possible). IONYX commits to communicating with any affected client via email or phone.

Product releases:

IONYX will deliver product enhancements, additional features and other technical requirements from time to time. These updates can be deployed with no disruption to service availability. All releases need to pass a rigorous release process that incorporates functional testing, code reviews, and final approval to release.
Major updates affecting system access will be scheduled outside of business hours and with prior notification to our clients.

End user privacy:

The JMS application records GPS coordinates on a frequent basis and communicates them directly to the JMS cloud service, where they are made available to view and report on in the web administration portal. GPS tracking on the mobile device only occurs on an active journey; once the journey has been completed, the device will automatically cease tracking all JMS related GPS activity.
Users of the JMS app are notified when GPS tracking is enabled and disabled to assist with any privacy concerns about unauthorised GPS tracking of their location.

Each client has the option to enable always-on GPS tracking if required by their company safety policy.

Once GPS data has been recorded on the cloud service, this data is removed immediately from the device itself. If the device is unable to synchronise the data with the remote server, this information is stored on the device for a maximum of 7 days.
Journey GPS data is available through the web administration portal for reporting purposes for up to two months and is then archived. Archived records can be retrieved for investigation purposes on request to IONYX.

Disclaimer:

IONYX commits to transparency in the way we manage the security and privacy of our users’ data. IONYX are continuously improving our system security and processes. This document is intended to highlight the methods, approaches and processes we have in place to demonstrate our commitment to providing best practice for our clients and their users.
