Version 1.6 Updated 27/08/2015 Support: +61 2 8399 1688 Email: support@wfsaustralia.com Website: wfsaustralia.com
Legal Notice

Copyright WFS: A WorkForce Software Company. All Rights Reserved. By receiving this information, you agree to keep this information confidential. It may not be duplicated in any way without the express written consent of WFS: A WorkForce Software Company, except that you are given permission to duplicate it in electronic or printed form for the purpose of distribution for evaluation of our software. Distribution should be limited to those employees and/or consultants who are directly involved in evaluating our solution.
Table of Contents

Introduction
WFS: A WorkForce Software Company
Partners
Technology
System Requirements
Infrastructure
Data Centre
Security
Network Security
Communication Security
Web Application
Biometric Terminal Data
Software Security
Operating System
Web Application
Database Access
User Authentication
Password Management
Single Sign-On (SSO)
Privacy
Privacy Standards
Internal Security and Privacy Policy
Employment Security Checks
Company Information Security and Privacy Policy
Performance and Monitoring
Redundancy and Disaster Recovery
Database Availability
Backups
Recovery
Operational Policies
Change Management
Capacity Management
Incident Management
Introduction

WFS: A WorkForce Software Company

WFS: A WorkForce Software Company (WFS Australia) is a leading provider of cloud-based workforce management solutions for Australian and New Zealand employers. The company's EmpCenter and EmpLive suites enable organisations to automate time and attendance, streamline absence and leave management, optimise staff rostering, gain real-time visibility into labour costs and productivity, and mitigate the risks of employee fatigue. EmpCenter is an enterprise-grade software suite that provides total workforce coverage and simplifies labour compliance for large and multinational employers. EmpLive (previously sold as RosterLive) offers powerful functionality that can be rapidly deployed in small to midsized organisations. Based in Sydney, WFS Australia pairs local expertise with the strength and stability of a global provider. More than 250 Australian and New Zealand companies rely on WFS Australia solutions today. For more information, visit www.wfsaustralia.com or call +61 2 8399 1688.

Partners

At WFS Australia, we work closely with several highly respected companies to bring the best workforce management solution to the market and are proud to highlight these partnerships.
Technology

EmpLive is a cloud-based system that utilises proven technology to provide a robust workforce management solution. WFS Australia customers have the reassurance and confidence that the supporting system architecture is backed by well-known names in IT: Microsoft Corporation and Dell.

EmpLive is designed and built using Microsoft technologies: .NET Framework, SQL Server, Windows Server and SQL Reporting Services. We have chosen the Microsoft .NET Framework above other competitive web technologies for a number of reasons:

• Maturity and Flexibility: The .NET Framework is a fully object-oriented and flexible development platform utilising more than 20 other CTS-compliant languages. In that sense, it is truly interoperable with existing programmers' skills, improving re-usability and reducing complexity. These make the developed applications easily maintainable and accelerate support and service.
• Integration and Scalability: .NET Framework 4.5 provides a new level of internal and external secure communication through Windows Communication Foundation, which provides a unified programming model for building service-oriented applications that interface with 3rd party services using standard protocols such as RPC and SOAP.
• Security: E-commerce and enterprise data applications can effectively use the in-built comprehensive range of security and cryptography libraries of the .NET Framework.
• Web Application Framework: The ASP.NET framework, used to build dynamic web applications and services, provides developers with the tools to easily create a sophisticated and robust web solution. The advanced debugging environment shortens the development cycle and allows developers to rapidly build and deploy applications. Also, because ASP.NET is a pre-compiled solution, it provides performance benefits over other script-based technologies.
• Community Support: Widespread usage of the .NET Framework by the development community provides a large number of technical resources available on the market globally. This makes developing using the .NET Framework the logical solution of choice for many well-known organisations.
• Brand Assurance: The .NET platform is backed and strongly supported by Microsoft. The community also provides a significant number of development tools.

To mitigate the risk of product failure, EmpLive is deployed on the latest Microsoft Windows servers and uses Microsoft SQL Server as its database engine.

Another key technology employed by EmpLive is SQL Reporting Services. This technology is a proven standard solution for designing, managing and delivering scalable reports via the Web and embedded in enterprise applications. SQL Reporting Services provides EmpLive users the following benefits:

• Cost-effective development: Reports can be rapidly designed and deployed.
• Exporting: Provides native support for export to PDF and Excel.
• Future Proofing: Backed by the Microsoft brand.

EmpLive depends on Dell PowerEdge Rack Servers. Dell's servers were selected for their reliability, time-tested designs and the latest innovative technologies.

Combining the above-mentioned technologies with compliance to best patterns and practices and verified development methodologies, EmpLive keeps the development lifecycle more technically and financially effective.
System Requirements

Using EmpLive requires a computer with the following:

• An internet connection
• A modern browser enabled with JavaScript, cookies and SSL

Note that EmpLive supports the current and previous major releases of Internet Explorer, Chrome, Firefox and Safari.

Infrastructure

EmpLive is deployed in a private cloud. There is dedicated power, network and hardware infrastructure allocated exclusively for all the EmpLive customers. EmpLive runs on a multitenant environment where a single instance of the software serves multiple customers.

[Diagram: Primary Data Centre and Disaster Recovery Data Centre]
Data Centre

EmpLive operates from the Equinix SY3 IBX (International Business Exchange) in Alexandria, NSW. The data centre has been functionally designed to meet the Tier 3 requirements of the TIA-942 standard. Features include:

• Multiple active power and cooling distribution paths
• Redundant components, and is concurrently maintainable, providing 99.982% availability
• ISO27001 certified
• Accredited green building which has achieved a Gold rating in the LEED ratings of the US Green Building Council
• Approved by AGIMO (The Australian Government Information Management Office) to be a data centre for federal government information

Security

WFS Australia understands that data availability, confidentiality and integrity are key to our customer's operational success. We invest significant resources to continually monitor, audit, and upgrade our security infrastructure and processes as new standards are developed and accepted.

Physical Security

The customer data is hosted in a world class data centre, Equinix IBX Centre. These facilities provide the following support:

• Staffed 24 hours a day, 365 days a year
• 24x7x365 CCTV recordings
• Access by appointment only, with sign in procedure and visual confirmation by trained security officers
• Access control (man traps) and biometric readers at all main entry points
• Security features, equipment and procedures enabling staff to track the whereabouts of anyone in IBX at any time
• Customer caged areas

For more information on the Equinix data centre go to: http://www.equinix.com.au/locations/australia-colocation/sydney-data-centers/sy3/tech-specs
Network Security

The customer data is hosted by WFS Australia and placed in a restricted access network.

• Perimeter firewalls guarantee only valid IPs and ports are allowed access to the network.
• A third party network monitoring tool continuously scans the network and provides real time alerts.
• WFS Australia monitors and analyses security logs to proactively identify security threats.

Communication Security

Web Application

All communication between the user and the EmpLive, ESS and ClockLive web applications is encrypted through Secure Sockets Layer (SSL) via the HTTPS protocol. Note that all requests are sent through the secure SSL channel, not just the login information.

A premium SSL certificate is deployed in the ESS web application providing extended validation, green address bar, 128-bit minimum to 256-bit encryption and vulnerability assessment. This premium SSL certification is powered by Verisign, the most trusted industry-leading SSL provider used by the world's largest financial institutions. The premium SSL certificate is available to customers for their EmpLive web application on request.

Biometric Terminal Data

The biometric information captured during the enrolment process and authentication is encrypted and kept within the ACTAtek terminal itself and not transmitted anywhere else. For additional security, WFS Australia recommends that the external IP or URLs allocated by the client for the biometric terminals use the HTTPS protocol.

Software Security

Operating System

During the scheduled maintenance times, the latest security patches available are applied. This ensures that operating system vulnerabilities cannot be used to gain unauthorised access to WFS Australia.

Web Application

WFS Australia tests all code for security vulnerabilities before release. Third-party application vulnerability threat assessments are conducted on a monthly basis.

Database Access

Database access is strictly controlled and requires prior authorisation by our Change Approval Board. Database access is audited monthly.
User Authentication

Password Management

Users are authenticated with a username and password combination. Following the ISO 27001 guidelines for password management, EmpLive passwords must include:

• a minimum length of eight characters
• a lower case character (a-z), a capital character (A-Z), a numeric character (0-9) and a special character (@ # $ & / +)

Customer-based settings are also available to assist with password expiry reminders, password recycle thresholds to avoid password reuse and lock out mechanisms for multiple login failures.

Single Sign-On (SSO)

Single sign-on integration is available with both the EmpLive and ESS web applications. SSO is achieved using SAML 2.0 supporting both Identity Provider (IdP) initiated and Service Provider (SP) initiated sequences.

Privacy

Privacy Standards

WFS Australia complies with the Australian Privacy Act and confidential standards by ensuring:

• Customer data is secure and accessible by the customer when required
• When sharing data with integrated systems only the data required is collected and transferred
• Sensitive data such as passwords are stored encrypted with a one-way hash

WFS Australia also observes Microsoft security best practices.

Internal Security and Privacy Policy

Employment Security Checks

All WFS Australia employees must submit a police check and at least 2 referees are contacted during the employment process. Access to WFS Australia systems and data is granted on a need-to-see basis with limited access given until the employee's probation period ends.

Company Information Security and Privacy Policy

Employees are responsible for adhering to security and privacy policies and for escalating violations to those policies. The Company Information Security & Privacy policy covers:

• Logical Security: security measures for accessing electronic information resources through logical means, e.g. via software or network controls, procedural controls relating to password management, security of data, communications security and reduction of risks from computer viruses software.
• Physical Security: security measures for controlling access to electronic information through physical means; physical access control and procedural controls which restrict access to computer systems and information.
• Staff Policies: security measures with respect to associate acceptable use of technology resources and other organisational issues such as contractor and vendor access.
• Incident Response: the process for managing security breaches.
• Escalation Procedures: steps to report a policy violation.
• Disaster: procedures ensuring business continuity.

Performance and Monitoring

The production environment is monitored and set up with email and SMS alerts to the WFS Australia Team to ensure quick response time to urgent issues. Multiple monitoring systems are set up to ensure multilayer coverage across critical components of the environment:

• Network monitoring
• Server monitoring
• Database monitoring
• Application monitoring

WFS Australia also monitors server health and application login response time for any changes in baseline configuration.

The diagram below shows results from recent monthly usage of EmpLive. It shows an average browser page load time of 3.73 seconds for an average browser throughput of 116 ppm (pages per minute).

Redundancy and Disaster Recovery

All application servers and database servers have redundant hardware. WFS Australia has multiple high speed internet connections via independent upstream providers for redundancy. A fully redundant network design has been adopted to eliminate a single point of failure all the way through the network to each server. Routing infrastructure consists of redundant border routers and switches coupled with redundant core routers and switches. Edge switches located in each rack utilise redundant hand-offs from the core switches. We also maintain a disaster recovery facility situated on an alternate power grid.

Database Availability

SQL Server database mirroring is used to increase database availability. Database mirroring transfers transaction log records directly from one server to another and can quickly fail over to the redundant server.
Backups

To ensure data availability and recovery, WFS Australia performs regular database backups and stores them on disks maintained at separate locations. Daily full and transactional database backups are retained up to 3 months to enable data recovery to a specified point in time. Fortnightly application and database backups. These backups are copied across redundant servers and a disk based backup appliance for quick restoration. Monthly application and database backups are retained up to 7 years for data recovery and auditing.

Recovery

In case of a database failure, the EmpLive application automatically redirects its connection information to the redundant database server. The redundant database server synchronously mirrors the live database server, and thus no data loss is incurred during the failover. In case of an application failure, the EmpLive application is redeployed to a redundant application server.

Operational Policies

Change Management

WFS Australia adheres to documented Change Management Procedures. All changes require security impact assessments, testing, customer notice period assessment, and approval from the Change Approval Board. The Change Approval Board consists of the WFS Australia management team and company executives as required.

Capacity Management

The production environment is monitored daily using several tools to assist with capacity management: disk space, memory, application and database performance, etc. The application usage and infrastructure performance is reviewed quarterly to ensure that the load is distributed evenly amongst the pool of servers and that our resources are used in the most efficient manner. Infrastructure improvement tasks may be scheduled after a quarterly review if necessary.
Incident Management

Incident and problem detection and management procedures are set out in the company's software security and privacy policy, in summary:

• In the event of a suspected breach of security or privacy, or unauthorised disclosure of customer data, the Development Manager and General Manager will be immediately notified.
• The response to the breach will be to deny further exposure and to quickly restore services.
• The incident team will assess the risk and determine the appropriate response.
• The incident team will determine who needs to be notified about the Incident.
• An Incident Report will be created documenting the breach or disclosure, steps taken to resolve, and recommended risk mitigation plans for the future.
Rostering Time & Attendance Award Interpretation Leave Management Employee Self Service Cloud-based workforce management 1300 766 365 wfsaustralia.com info@wfsaustralia.com BR-002-WFS-AU