Security Overview

Introduction

Apply4 Technology Ltd is a software as a service (SaaS) provider for city and local governments to manage application processes. Our portfolio includes FilmApp, EventApp and WorksApp, all offering integrated solutions allowing applications to be made online simply and inexpensively. Our systems are currently used by local government authorities in the UK, USA and New Zealand, and many private companies and agencies.

We understand the importance to our clients of being able to trust our system as being reliable and secure. This document outlines the key parts of our system from that perspective. Where questions arise about our approach we are always happy to provide answers.

Hosting Environment

Our services are hosted on Amazon Web Services (AWS) infrastructure, using data centres in the AWS eu-west-2 (London) region.

These AWS physical environments offer a high degree of security as described here.

Our application is run within Docker containers running within Amazon’s Elastic Container Service (ECS).

Files are stored in Amazon’s Elastic File System (EFS) and data is stored in Amazon’s Relational Database Service (RDS).

We use a variety of other AWS services including Route 53, VPC, NAT gateways and CloudWatch alarms.

Our AWS partner, Krystal Hosting Limited, provides 24×7 emergency support, three hundred and sixty-five days a year.

Data Security, Backup, and Compliance

Data Security

All information on the move between users’ browsers and our systems is encrypted using Transport Layer Security (TLS) to protect it from eavesdroppers.

Data at rest in both Amazon RDS and Amazon EFS are protected using industry standard AES-256 encryption.

Backup and Recovery

Database snapshots are taken daily. Transaction logs keep a record of what has happened since the last snapshot. Both are retained for 35 days and, together, allow recovery to any point in time over the last 35 days.

Files in Amazon Elastic File System are backed up and retained for 35 days.

Both database and filesystem backups are stored in multiple AWS Availability Zones (independent data centre locations) within the same AWS region.

Backups are encrypted using an AWS KMS customer master key (CMK).

Security Checks and Scans

We run the following automated checks and scans against our systems, applying patches in response to any issues they identify:

  • An automated scan for potential code-level security weaknesses prior to every code change
  • Weekly automated checks for any known vulnerabilities in 3rd-party Ruby components
  • Quarterly PCI security scans

Policies

Contractual Privacy Protection for Customers

Apply4’s employment contracts include confidentiality provisions that prohibit us from disclosing customer confidential information, including customer and end user data, except under certain narrowly defined circumstances, such as when required by law.

Apply4 Technology employees agree not to access customers’ accounts, including customer data, except to maintain the service, prevent or respond to technical or service problems, at a customer’s request in connection with a customer support issue, or where required by law.

Code of Conduct, Confidentiality Agreements, and Information Security Policies

Every Apply4 Technology employee and contractor must follow Apply4’s code of conduct, sign confidentiality agreements and follow Apply4’s security policies.

Conclusion

We understand that having confidence that secure and resilient systems are in place is vital for our partners. Our goal is to ensure that Apply4 Technology’s application management systems are able to fully meet your needs.

If you have any additional questions, please get in touch.