Security

Schedullo provides a secure environment to ensure your data is safe, backed up and covered by our continuity plan. As a key principle, Schedullo enforces security at both the application layer and the infrastructure layer.

  • Data transiting through the network is encrypted using SSL encryption. All communications from the user's browser to our application layer are fully encrypted. All communications to third party applications and services are also encrypted using SSL.
  • Key data is encrypted in the database layer using complex encryption algorithms. None of our technicians can retrieve and see sensitive data.
  • Our database layer is only accessible by our application or our database engineers. No direct actions are permitted on our database servers.
  • The database server has a full failover infrastructure and is accessible across multiple data centres.
  • Our infrastructure is hosted at AWS across multiple regions. Our main data centre is located in Sydney, and the infrastructure includes a Content Delivery Network also optimised for the US and Europe.
  • AWS manages dozens of compliance programs. This means that segments of compliance have already been completed. Compliance programs include:
    • ISO 27001, 9001, 27017, 27018
    • PCI – Security Standards Council
    • SOC
    • HIPAA
    • For full compliance lists, see AWS security website
  • Our infrastructure is fully scalable, meaning that resources are automatically allocated depending on the number of users connected.
  • Servers are automatically isolated when issues are identified and automatically replaced by new instances.
  • Regular external and internal penetration testing is performed on our infrastructure, application and database layers.
  • Penetration testing is executed in accordance with AWS requirements.

Any modification to our source code goes through a strict release process:

  • Development code commit
  • Unit testing and code review
  • New code is released to our development servers to perform functional testing including integration with other changes.
  • Regression testing is also performed in this environment.
  • Code is then released to a test environment which is used by a number of internal and external users.
  • Code is finally released to production with a roll back plan in place if required.
  • 4-hour rotating backup for the database server. Backups, following AWS best practice, are not physically stored on the same premises.
  • 10 days of live backups are kept, with the capability to revert to a specific point in time.