Security

Overview

 

The approach used by AtlasFX for security compliance is based on physical access control, logical access control, and maintaining and monitoring the security health and compliance of the platform. Combining strong information governance (SSAE-16 Type II) with the best security practices ensures hosted information is protected and monitored. Risk is mitigated using a Defence in Depth approach to maintain information and application security. Risk is further controlled and mitigated with regular third-party security vulnerability and pen testing audits.


User and System Access Security

The AtlasFX service is hosted on a secure private cloud which is continuously monitored. It has failover and backup processes that meet and exceed industry standard protocols. The following features combine to increase user and system security.

 

  • User access to the platform uses the latest cipher suites and is further secured with two-factor authentication. Two-factor authentication means two elements are required to gain access to the system: something you know (password) and something you have (a token).
  • The authentication connection and subsequent traffic are made using the latest encryption cipher suites, which are monitored and upgraded based on current industry best practices. User access and control level security help demarcate roles and responsibilities required around the application.
  • User idle disconnect and strict network access password renewal are implemented.

Data security: Physical and Logical

Logical data security is performed using the latest 256-bit RSA encryption cipher suites. The output from the system can also be encrypted in transit back to the user or third-party applications.

Physical controls around data access in the Tier 3 graded data facility include the following:

 

  • CCTV monitoring
  • Employee, contractor and
  • Mantrap guarded access
  • Data access control and privileged user monitoring
  • Dedicated secure server storage

 

The hosting organisations are compliant with and certified to the following standards: ISO 27001, ISO 9001, SSAE Type II.


Platform Performance

  • The daily operation of the service is assured with load balancing and failover systems in place for the production servers.
  • Disaster recovery plans and continual backup protocols ensure that a production system can be fully restored seamlessly; this is governed by the ISO 22301:2012 Business Continuity Management System.
  • Procedures and protocols around security and patch management ensure that the platform is maintained to mitigate and control system risk.