Ultra Front End (UFE ) Assurance
Architecture reviews are frequently carried out and validated during the development and deployment of UFE into a production environment, by the Enterprise Architecture, Cyber Security and the Engineering teams.
This process ensures that our cloud infrastructure is secure and compliant with security standards.
We also engage independent service providers to perform external penetration tests to assess the potential system security threats on a regular basis. Remediation activities against discovered vulnerabilities are performed in a timely manner to enable the penetration test provider to retest and verify any issues are fixed.
Data segregation via API
The Engineering team utilise a comprehensive set of unit, integration, and end to end tests to ensure that customer data is kept segregated. These tests are automatically executed whenever a new feature is rolled out to our pre-production environments. Quality gates have been set up to ensure that any test failures prevent a feature from being rolled out into a production environment if any of these tests fail.
Our server infrastructure provides secure data storage and high application availability. All application services are started on a secure server with a load-balancing/fault-tolerance system to increase redundancy.
Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident during business hours. We have a reliable system to ensure that select employees are instantly notified of any possible safety risks.
User data is stored on a failover cluster, backed up every day and encrypted. Production snapshots are taken every five minutes. No matter what happens, your work will stay safe.
Our product is powered by Amazon Web Services (AWS), the industry's leading provider of secure computing infrastructure. AWS meets stringent security measures that include a variety of physical controls to the data centres, data privacy guarantees, and robust controls to its services. AWS has published white papers on risk and compliance and security processes. The table below outlines the certifications and third-party attestations that AWS has achieved:
SAS70 Type II audits
Level 1 service provider under the Payment Card Industry (PCI) Data
ISO 27001 certification
U.S. General Services Administration FISMA Moderate level operation