EmpLive Technical Overview




Version 1.6 Updated 27/08/2015 Support: +61 2 8399 1688 Email: support@wfsaustralia.com Website: wfsaustralia.com

Legal Notice

Copyright WFS: A WorkForce Software Company. All Rights Reserved.

By receiving this information, you agree to keep this information confidential. It may not be duplicated in any way without the express written consent of WFS: A WorkForce Software Company, except that you are given permission to duplicate it in electronic or printed form for the purpose of distribution for evaluation of our software. Distribution should be limited to those employees and/or consultants who are directly involved in evaluating our solution.

Table of Contents

Introduction
    WFS: A WorkForce Software Company
    Partners
Technology
System Requirements
Infrastructure
    Data Centre
Security
    Network Security
    Communication Security
        Web Application
        Biometric Terminal Data
    Software Security
        Operating System
        Web Application
        Database Access
User Authentication
    Password Management
    Single Sign-On (SSO)
Privacy
    Privacy Standards
Internal Security and Privacy Policy
    Employment Security Checks
    Company Information Security and Privacy Policy
Performance and Monitoring
Redundancy and Disaster Recovery
    Database Availability
    Backups
    Recovery
Operational Policies
    Change Management
    Capacity Management
    Incident Management

Introduction

WFS: A WorkForce Software Company

WFS: A WorkForce Software Company (WFS Australia) is a leading provider of cloud-based workforce management solutions for Australian and New Zealand employers. The company's EmpCenter and EmpLive suites enable organisations to automate time and attendance, streamline absence and leave management, optimise staff rostering, gain real-time visibility into labour costs and productivity, and mitigate the risks of employee fatigue.

EmpCenter is an enterprise-grade software suite that provides total workforce coverage and simplifies labour compliance for large and multinational employers. EmpLive (previously sold as RosterLive) offers powerful functionality that can be rapidly deployed in small to midsized organisations.

Based in Sydney, WFS Australia pairs local expertise with the strength and stability of a global provider. More than 250 Australian and New Zealand companies rely on WFS Australia solutions today. For more information, visit www.wfsaustralia.com or call +61 2 8399 1688.

Partners

At WFS Australia, we work closely with several highly respected companies to bring the best workforce management solution to the market and are proud to highlight these partnerships.

Technology

EmpLive is a cloud-based system that utilises proven technology to provide a robust workforce management solution. WFS Australia customers have the reassurance and confidence that the supporting system architecture is backed by well-known names in IT: Microsoft Corporation and Dell.

EmpLive is designed and built using Microsoft technologies: .NET Framework, SQL Server, Windows Server and SQL Reporting Services. We have chosen the Microsoft .NET Framework above other competitive web technologies for a number of reasons:

- Maturity and Flexibility: The .NET Framework is a fully object-oriented and flexible development platform utilising more than 20 other CTS-compliant languages. In that sense, it is truly interoperable with existing programmers' skills, improving re-usability and reducing complexity. These make the developed applications easily maintainable and accelerate support and service.
- Integration and Scalability: .NET Framework 4.5 provides a new level of internal and external secure communication through Windows Communication Foundation, providing a unified programming model for building service-oriented applications to interface with 3rd party services using standard protocols such as RPC and SOAP.
- Security: E-commerce and enterprise data applications can effectively use the in-built comprehensive range of security and cryptography libraries of the .NET Framework.
- Web Application Framework: The ASP.NET framework, used to build dynamic web applications and services, provides developers with the tools to easily create a sophisticated and robust web solution. The advanced debugging environment shortens the development cycle and allows developers to rapidly build and deploy applications. Also, because ASP.NET is a pre-compiled solution it provides performance benefits over other script-based technologies.
- Community Support: Widespread usage of the .NET Framework by the development community provides a large number of technical resources available on the market globally. This makes developing using the .NET Framework the logical solution of choice for many well-known organisations.
- Brand Assurance: The .NET platform is backed and strongly supported by Microsoft. The community also provides a significant number of development tools.

To mitigate the risk of product failure, EmpLive is deployed on the latest Microsoft Windows servers and uses Microsoft SQL Server as its database engine.

Another key technology employed by EmpLive is SQL Reporting Services. This technology is a proven standard solution for designing, managing and delivering scalable reports via the Web and embedded in enterprise applications. SQL Reporting Services provides EmpLive users the following benefits:

- Cost effective development: Reports can be rapidly designed and deployed.
- Exporting: Provides native support for export to PDF and Excel.
- Future Proofing: Backed by the Microsoft brand.

EmpLive depends on Dell PowerEdge Rack Servers. Dell's servers were selected for their reliability, time-tested designs and the latest innovative technologies.

By combining the above-mentioned technologies with compliance with best patterns and practices and verified development methodologies, EmpLive keeps its development lifecycle more technically and financially effective.

System Requirements

Using EmpLive requires a computer with the following:

- An internet connection
- A modern browser enabled with JavaScript, cookies and SSL

Note that EmpLive supports the current and previous major releases of Internet Explorer, Chrome, Firefox and Safari.

Infrastructure

EmpLive is deployed in a private cloud. There is dedicated power, network and hardware infrastructure allocated exclusively for all the EmpLive customers. EmpLive runs on a multitenant environment where a single instance of the software serves multiple customers.

[Diagram: Primary Data Centre and Disaster Recovery Data Centre]

Data Centre

EmpLive operates from the Equinix SY3 IBX (International Business Exchange) in Alexandria, NSW. The data centre has been functionally designed to meet the Tier 3 requirements of the TIA-942 standard. Features include:

- Multiple active power and cooling distribution paths
- Redundant components and concurrent maintainability, providing 99.982% availability
- ISO27001 certified
- Accredited green building which has achieved a Gold rating in the LEED ratings of the US Green Building Council
- Approved by AGIMO (The Australian Government Information Management Office) to be a data centre for federal government information

Security

WFS Australia understands that data availability, confidentiality and integrity are key to our customers' operational success. We invest significant resources to continually monitor, audit, and upgrade our security infrastructure and processes as new standards are developed and accepted.

Physical Security

The customer data is hosted in a world class data centre, Equinix IBX Centre. These facilities provide the following support:

- Staffed 24 hours a day, 365 days a year
- 24x7x365 CCTV recordings
- Access by appointment only, with sign in procedure and visual confirmation by trained security officers
- Access control (man traps) and biometric readers at all main entry points
- Security features, equipment and procedures enabling staff to track the whereabouts of anyone in IBX at any time
- Customer caged areas

For more information on the Equinix data centre go to: http://www.equinix.com.au/locations/australia-colocation/sydney-data-centers/sy3/tech-specs

Network Security

The customer data is hosted by WFS Australia and placed in a restricted access network.

- Perimeter firewalls guarantee only valid IPs and ports are allowed access to the network.
- A third party network monitoring tool continuously scans the network and provides real time alerts.
- WFS Australia monitors and analyses security logs to proactively identify security threats.

Communication Security

Web Application

All communication between the user and the EmpLive, ESS and ClockLive web applications is encrypted through Secure Sockets Layer (SSL) via the HTTPS protocol. Note that all requests are sent through the secure SSL channel, not just the login information.

A premium SSL certificate is deployed in the ESS web application providing extended validation, green address bar, 128-bit minimum to 256-bit encryption and vulnerability assessment. This premium SSL certification is powered by Verisign, the most trusted industry-leading SSL provider used by the world's largest financial institutions. The premium SSL certificate is available to customers for their EmpLive web application on request.

Biometric Terminal Data

The biometric information captured during the enrolment process and authentication is encrypted and kept within the ACTAtek terminal itself and not transmitted anywhere else. For additional security, WFS Australia recommends that the external IP or URLs allocated by the client for the biometric terminals use the HTTPS protocol.

Software Security

Operating System

During the scheduled maintenance times, the latest security patches available are applied. This ensures that operating system vulnerabilities cannot be used to gain unauthorised access to WFS Australia.

Web Application

WFS Australia tests all code for security vulnerabilities before release. Third-party application vulnerability threat assessments are conducted on a monthly basis.

Database Access

Database access is strictly controlled and requires prior authorisation by our Change Approval Board. Database access is audited monthly.

User Authentication

Password Management

Users are authenticated with a username and password combination. Following the ISO 27001 guidelines for password management, EmpLive passwords must include:

- a minimum length of eight characters
- a lower case character (a-z), a capital character (A-Z), a numeric character (0-9) and a special character (@ # $ & / +)

Customer based settings are also available to assist with password expiry reminders, password recycle thresholds to avoid password reuse and lock out mechanisms for multiple login failures.

Single Sign-On (SSO)

Single sign-on integration is available with both the EmpLive and ESS web applications. SSO is achieved using SAML 2.0, supporting both Identity Provider (IdP) initiated and Service Provider (SP) initiated sequences.

Privacy

Privacy Standards

WFS Australia complies with the Australian Privacy Act and confidential standards by ensuring:

- Customer data is secure and accessible by the customer when required
- When sharing data with integrated systems only the data required is collected and transferred
- Sensitive data such as passwords are stored encrypted with a one-way hash

WFS Australia also observes Microsoft security best practices.

Internal Security and Privacy Policy

Employment Security Checks

All WFS Australia employees must submit a police check and at least 2 referees are contacted during the employment process. Access to WFS Australia systems and data is granted on a need-to-see basis with limited access given until the employee's probation period ends.

Company Information Security and Privacy Policy

Employees are responsible for adhering to security and privacy policies and for escalating violations of those policies. The Company Information Security & Privacy policy covers:

- Logical Security: security measures for accessing electronic information resources through logical means e.g. via software or network controls, procedural controls relating to password management, security of data, communications security and reduction of risks from computer viruses software.
- Physical Security: security measures for controlling access to electronic information through physical means; physical access control and procedural controls which restrict access to computer systems and information.
- Staff Policies: security measures with respect to associate acceptable use of technology resources and other organisational issues such as contractor and vendor access.
- Incident Response: the process for managing security breaches.
- Escalation Procedures: steps to report a policy violation.
- Disaster procedures: ensuring business continuity.

Performance and Monitoring

The production environment is monitored and set up with email and SMS alerts to the WFS Australia Team to ensure quick response time to urgent issues. Multiple monitoring systems are set up to ensure multilayer coverage across critical components of the environment:

- Network monitoring
- Server monitoring
- Database monitoring
- Application monitoring

WFS Australia also monitors server health and application login response time for any changes in baseline configuration.

The diagram below shows results from recent monthly usage of EmpLive. It shows an average browser page load time of 3.73 seconds for an average browser throughput of 116 ppm (pages per minute).

Redundancy and Disaster Recovery

All application servers and database servers have redundant hardware. WFS Australia has multiple high speed internet connections via independent upstream providers for redundancy. A fully redundant network design has been adopted to eliminate a single point of failure all the way through the network to each server. Routing infrastructure consists of redundant border routers and switches coupled with redundant core routers and switches. Edge switches located in each rack utilise redundant hand-offs from the core switches. We also maintain a disaster recovery facility situated on an alternate power grid.

Database Availability

SQL Server database mirroring is used to increase database availability. Database mirroring transfers transaction log records directly from one server to another and can quickly fail over to the redundant server.

Backups

To ensure data availability and recovery, WFS Australia performs regular database backups and stores them on disks maintained at separate locations. Daily full and transactional database backups are retained up to 3 months to enable data recovery to a specified point in time. Fortnightly application and database backups. These backups are copied across redundant servers and a disk based backup appliance for quick restoration. Monthly application and database backups are retained up to 7 years for data recovery and auditing.

Recovery

In case of a database failure, the EmpLive application automatically redirects its connection information to the redundant database server. The redundant database server synchronously mirrors the live database server, and thus no data loss is incurred during the failover. In case of an application failure, the EmpLive application is redeployed to a redundant application server.

Operational Policies

Change Management

WFS Australia adheres to documented Change Management Procedures. All changes require security impact assessments, testing, customer notice period assessment, and approval from the Change Approval Board. The Change Approval Board consists of the WFS Australia management team and company executives as required.

Capacity Management

The production environment is monitored daily using several tools to assist with capacity management: disk space, memory, application and database performance, etc. The application usage and infrastructure performance is reviewed quarterly to ensure that the load is distributed evenly amongst the pool of servers and that our resources are used in the most efficient manner. Infrastructure improvement tasks may be scheduled after a quarterly review if necessary.

Incident Management

Incident and problem detection and management procedures are set out in the company's software security and privacy policy, in summary:

- In the event of a suspected breach of security or privacy, or unauthorised disclosure of customer data, the Development Manager and General Manager will be immediately notified.
- The response to the breach will be to deny further exposure and to quickly restore services.
- The incident team will assess the risk and determine the appropriate response.
- The incident team will determine who needs to be notified about the Incident.
- An Incident Report will be created documenting the breach or disclosure, steps taken to resolve, and recommended risk mitigation plans for the future.

Rostering Time & Attendance Award Interpretation Leave Management Employee Self Service Cloud-based workforce management 1300 766 365 wfsaustralia.com info@wfsaustralia.com BR-002-WFS-AU