top of page

Ultra Front End (UFE   ) Assurance

TM

Cyber Security 

Architecture 

Architecture reviews  are frequently carried out and validated during the development and deployment of UFE into a production environment, by the Enterprise Architecture, Cyber Security and the Engineering teams.

This process ensures that our cloud infrastructure is secure and compliant with security standards. 

Threat Modelling 

We also engage independent service providers to perform external penetration tests to assess the potential system security threats on a regular basis. Remediation activities against discovered vulnerabilities are performed in a timely manner to enable the penetration test provider to retest and verify any issues are fixed. 

Client Data

Data segregation via API 

The Engineering team utilise a comprehensive set of unit, integration, and end to end tests to ensure that customer data is kept segregated. These tests are automatically executed whenever a new feature is rolled out to our pre-production environments. Quality gates have been set up to ensure that any test failures prevent a feature from being rolled out into a production environment if any of these tests fail. 

Reliability 

Our server infrastructure provides secure data storage and high application availability. All application services are started on a secure server with a load-balancing/fault-tolerance system to increase redundancy.  

Establishing a consistent uptime track record is impossible without proper monitoring. Our team is ready to react to any incident during business hours. We have a reliable system to ensure that select employees are instantly notified of any possible safety risks.  

Regular backup  

User data is stored on a failover cluster, backed up every day and encrypted. Production snapshots are taken every five minutes. No matter what happens, your work will stay safe.  

Physical security 

Our product is powered by Amazon Web Services (AWS), the industry's leading provider of secure computing infrastructure. AWS meets stringent security measures that include a variety of physical controls to the data centres, data privacy guarantees, and robust controls to its services. AWS has published white papers on risk and compliance and security processes. The table below outlines the certifications and third-party attestations that AWS has achieved: 

AWS Certifications 

  • SAS70 Type II audits  

  • Level 1 service provider under the Payment Card Industry (PCI) Data  

  • ISO 27001 certification  

  • U.S. General Services Administration FISMA Moderate level operation 

bottom of page