Hosted Services - Security Statement
Avolution Hosted Services
Avolution Hosted Services utilise some of the most advanced technology for Internet security available today. When you access our site using a modern web browser (Internet Explorer, Mozilla FireFox, Google Chrome, Apple Safari, etc.), Secure Socket Layer (SSL) technology protects your information using both server authentication and encryption of data between your computer and the data centre, ensuring that your data in transit is safe, secure and available only to registered Users in your organisation.
Our servers are securely located in state-of-the-art facilities that are managed by Amazon Web Services (AWS), a premier provider of managed hosting and advanced connectivity solutions. Avolution has chosen AWS because of their reputation for quality service and support as well as their unparalleled reputation for reliably hosting many of the Internet's most trafficked web systems.
AWS's data centres are located in various locations throughout the world, including; North America (e.g. Virginia, California, Oregon), Europe (e.g. Ireland, Frankfurt) and Asia-Pacific (e.g. Sydney, Singapore and Tokyo). Only those within AWS who have a legitimate business need to have such information know the actual location of these data centres, and the data centres themselves are secured with a variety of physical controls to prevent unauthorized access. For more on AWS's hosting and security, click here and here.
People and access
AWS maintains an account on all hosted systems and applications for the purposes of maintenance and support. In some cases, select Avolution support engineers may also have access to hosted applications and data. Only employees with the highest clearance have access to application data. Authentication is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Avolution and AWS IP addresses. Application data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer's data without explicit knowledge of their login information. Avolution uses industry standard SHA-256 encryption for all passwords
Reports, Certifications, and Independent Attestations
Amazon has in the past successfully completed multiple SAS70 Type II audits, and now publishes a Service Organization Controls 1 (SOC 1) report, published under both the SSAE 16 and the ISAE 3402 professional standards. In addition, Amazon has achieved ISO 27001 certification, and has been successfully validated as a Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS). In the realm of public sector certifications, Amazon has received authorization from the U.S. General Services Administration to operate at the FISMA Moderate level, and is also the platform for applications with Authorities to Operate (ATOs) under the Defense Information Assurance Certification and Accreditation Program (DIACAP). They will continue to obtain the appropriate security certifications and conduct audits to demonstrate the security of their infrastructure and services.
Avolution adheres to a strict policy for ensuring the privacy of your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information). We will never share your information with third parties outside Avolution unless you give express permission for us to do so, or unless we are required to do so under applicable law. For more information, please see our Privacy Statement.
To download our Security FAQ document click here