
Security and Disaster Recovery

Security and Disaster Recovery Summary

We recognize that information security and disaster recovery practices are important to our clients.

Just like all information technology, the GuardianERM system is inherently exposed to cyber risks. InConsult recognises these risks and has developed a range of control and recovery measures to ensure integrity, confidentiality, and ongoing availability.

Application Security

GuardianERM allows each client to control who has read and/or write access to which modules and business units. Clients are responsible for user access rights within their database.

Strong password security is an important first step in protecting GuardianERM user accounts. GuardianERM allows each organisation to customise system password rules to conform to its own internal security policy. Each client can set password expiration periods, password length and password complexity. All passwords are stored only as salted, one-way hashes for maximum security.

Users sometimes leave their computers unattended or forget to log off. To protect against unauthorized access, GuardianERM automatically closes sessions when there is no session activity for a period of time. The default timeout is 1 hour. Sessions are also protected with session tokens to ensure access is secure at all times.

Single sign-on

GuardianERM supports single sign-on (SSO). SSO is an authentication method that allows users to sign in to Guardian using one set of credentials – in most cases, your organisation's email and password via Azure Active Directory. SSO brings many benefits:

  • SSO allows for quicker and simpler acquisition or integration of systems within an organisation’s existing infrastructure. This allows for considerable cost and time savings that can be redirected to areas that are more valuable.
  • By eliminating the deployment of additional passwords and accounts management, less IT time is wasted managing staff credentials while also eliminating the possibility of human error.
  • SSO allows organisations to take advantage of MFA on systems that would otherwise not support it, adding a further layer of security.
  • SSO supports automated monitoring and thanks to the centralisation of credentials, simplifies the assessment of logs across various systems. IT staff are able to identify suspicious behaviour and increases in access activity far quicker than segregated systems.

End-to-end Encryption

GuardianERM ensures that your data is protected in-transit from your browser to our servers using the strongest Internet encryption technologies. From HTTPS to SSE to the latest TLS security, we have it covered.

When your data is stored on our servers it is encrypted-at-rest for further security. This applies to all copies of your data: live, backup, and mirrored.

Server Security

GuardianERM production servers are hosted in Sydney, Australia on Microsoft’s industry leading Azure platform. Azure offers a broad set of key global and industry-specific standards and supporting materials for key regulations, including ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1, 2, and 3 Reports.

Azure also meets regional and national standards that include Australia IRAP, UK G-Cloud, the EU Model Clauses, EU-U.S. Privacy Shield, Singapore MTCS and the CS Mark in Japan. Azure is an Australian Signals Directorate (ASD) Certified Cloud Service provider.

Rigorous third-party audits, such as those done by the British Standards Institute, verify Azure's adherence to the strict security controls these standards mandate. When data deletion is requested, we use Azure's best practice procedures and a wiping solution that is NIST 800-88 compliant, so your data cannot accidentally become available to a third party.

Our security-hardened servers have been locked down to comply with industry best practices. These policies, standards and measures include:

  • VPN network protection, Just-in-time access and multi-factor authentication to ensure only InConsult staff access the server.
  • Tough firewall, port and system rules to prevent many types of breaches and restrict access if breached.
  • IP address-controlled access within the GuardianERM infrastructure.
  • Security focussed logging and system auditing to prevent and track cyber-attacks.
  • Automated security policy monitoring to ensure that our infrastructure always complies with best practices.
  • Compliance with several security standards including Azure CIS 1.1.0, ISO 27001 and SOC TSP. Our compliance across these standards currently sits at 97% and is reviewed monthly.

Penetration Testing

Azure servers are subject to penetration testing based on ten (10) attack vectors that potentially impact degradation of system integrity, confidentiality, and availability.

In addition, InConsult performs periodic penetration tests and cyber security scans to identify potential vulnerabilities on the servers and on our own business network infrastructure. Our latest penetration test found zero common vulnerabilities.

Data Centre Security

For production and back-up, we utilise world-class data centres in Sydney, Australia. Access is physically secured at the boundary via a perimeter fence, gate and mantrap. Human security includes 24×7 security officers, CCTV, recorders, motion detection and biometric readers within the building and on the data centre floor.

UPS redundancy is in place and back-up power is provided via 3 x 3,000kVA diesel generators.

Our data centre provider meets the following certifications and standards:

  • SOC 1 Type II – American Institute of Certified Public Accountants (AICPA) report used to document controls relevant to an organisation’s Internal Controls over Financial Reporting (ICFR).
  • SOC 2 Type II – A standard designed for technology companies, including: data centres, IT managed services, SaaS vendors, cloud-computing based businesses and other technology.
  • ISO 27001 – An internationally recognised best practice framework that specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). ISMS is a systematic approach to managing sensitive company information including people, processes and IT systems.
  • PCI DSS – The PCI Security Standards Council offers comprehensive standards and supporting materials to enhance data security for payment cards. They include a framework of specifications, tools, measurements and support resources to help organisations ensure the safe handling of cardholder information at every step.
  • ISO 22301 – An international standard for Business Continuity Management (BCM). It specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events.
  • ISO 14001 – Specifies the requirements for an environmental management system that an organisation can use to enhance its environmental performance in a systematic manner that contributes to the environmental pillar of sustainability.

Cyber Security Framework

InConsult has in place a Cyber Security Framework that is based on the National Institute of Standards and Technology (NIST) Cyber Security Framework. This framework includes policies, standards and procedures that set expectations for staff and for the product. Currently, InConsult has in place a:

  • Cyber Security Policy
  • Information Asset Classification Policy, Procedure and Asset Register
  • Change Management Policy
  • Mobile Device Management Register
  • Data Breach Management Register
  • Cyber Incident Response Plan

Application Change Management

Access to GuardianERM is restricted to the InConsult development team for updates, enhancements, and maintenance. Extensive testing is performed by several team members prior to release.

All clients are notified of major changes and any planned outages due to upgrades. Release notes are documented with each release of a new version.

System Availability, Backup & Recovery

The GuardianERM platform is designed to provide reliable and continuous availability. GuardianERM availability is achieved in numerous ways:

  • The server is locally protected by Azure Live Migration, which predicts/detects hardware/network failures and moves the entire service to a new physical failover server without data loss.
  • In the catastrophic event that the entire Sydney data centre goes offline, GuardianERM is protected by a failover in Melbourne, which can be quickly activated using a mirrored snapshot of the server within 4 minutes of an outage occurring.
  • All data is backed up daily and stored externally. A data rollback can be performed to reinstate any of the previous 30 days.
  • We have agreements with Microsoft Azure services covering databases, security, support, and guaranteed availability of 99.9% uptime including failover.

InConsult has a Business Continuity Plan and Data Breach Incident Response Plan that covers all services including GuardianERM. The plan is reviewed annually and updated as required.

Component tests of the various disruption scenarios are performed periodically.

Security Monitoring

Every day, new security issues and attack vectors are created. We strive to stay on top of the latest security developments both internally and by working with external security experts.

Currently, we use a cyber security tool from industry-leading organisation UpGuard that provides us with real-time monitoring of potential threats. We aim to ensure our Cyber Security Rating (CSR) on the UpGuard platform is an “A” as a standard, upward of 850 points.

If you believe your account has been compromised or you are seeing suspicious activity on your account, please contact us.

Data Breach

In the event of a data breach, we will promptly notify our clients.

To date, there has been no loss of data, no security breaches and no unexpected service interruptions reported.

Official Partnerships

InConsult has secured official partnerships that are key to staying ahead of the ever-evolving cyber threat landscape. We are proud to announce official partnerships with:

  • The Australian Cyber Security Centre (ACSC) through the Joint Cyber Security Centre (JCSC) program
    • This partnership gives InConsult immediate alerts of threats and vulnerabilities affecting platforms, organisations and Australian infrastructure as they are discovered.
    • The partnership also promotes threat sharing through the Cyber Threat Intelligence Sharing (CTIS) program.
  • Microsoft Partner Network (MPN) as a verified Australian SMB
    • This partnership verifies InConsult as a legitimate Small to Medium Business (SMB) and a confident power user of Microsoft products.
    • The partnership also gives InConsult access to a vast collection of useful guides and knowledge bases that are not accessible to the general public.
