Webcare Limited is a New Zealand-based software provider offering a purpose-built cloud-based Client Management System (CMS/CRM) to support providers in the health, well-being, and disability sector. This article provides an overview of Webcare features as a Software-as-a-Service provider and our ongoing commitment towards the security of your data.
Datacentre
Webcare is hosted in a High-Availability High-Performance dedicated VLAN datacentre. The data centre is built on a five-point rating VMware vSphereESXi Hypervisor and the data is stored in a High-performance SAN storage system with RAID protection.
Physical Security
The private datacentre facility is fire-proof with VESDA 3-stage smoke detection alarm system, leak-proof PEX piping for cooling, and is monitored 24x7 every day of the year with CCV, network cameras, and independent biometric access. The physical server availability is continuously monitored and if any failure is detected within the Webcare cloud, the VMs are automatically managed without any manual intervention.
Data Redundancy
The data is stored on a secure, clustered vSAN array and replicates to numerous disks across multiple physical servers. Our enterprise vSAN can sustain multiple simultaneous failures without any noticeable difference in service. This offers end-to-end data redundancy with no single point of failure.
Backups
All the databases are backed up every night with a “full” recovery option which allows us to restore the entire image for any disaster recovery. These backups are performed every night and can be migrated non-disruptively to other locations for disaster recovery. A transaction log can is maintained for any transactional loss. We also maintain redundant copies of the database and maintain rollbacks.
Disaster Recovery
For complete disaster recovery, all the VMs are also backed up every night and they can be migrated non-disruptively to other hosts for disaster recovery. The non-disruptive backups provide access to timestamped restore of VM which allows full VM recovery. The backups are maintained on a 7-day rollback period and recycle bin is kept for 30 days.
Data Retention
We do not impose any limit on the duration of Data Retention.
Network Security & Encryption
For network security, we use SSL TLS security, advanced firewalls for Intrusion & Data Leak prevention, Layer-7 load balancer, and automation support for DDoS mitigation.
Australian Cyber Security Centre (ACSC) & New Zealand Information Security Manual (NZISM)
We follow the guidelines of the Information Security Manual (ISM) from Australian Cyber Security Centre (ACSC), NZISM (New Zealand Information Security Manual) and HISO framework for cyber security and risk management. This includes our hosting, development, deployment, and physical environment security of your data.
As per guidelines for the standard operating environment (SOE), we maintain the required technical security standards. Our entire server cluster, which includes Web server, SQL server, domain controller, load balancer, and firewalls is regularly patched and updated. All the critical security patches are applied immediately, and the recommended updates are applied after internal testing. The updates are applied on both the Operating System level and per Service and Application-level.
Privacy Policy
We operate in multiple jurisdictions, currently Australia and New Zealand, and are bound by the respective privacy laws in those jurisdictions. In New Zealand, this includes the New Zealand Privacy Act 2020 and the information privacy principles set out in that Act; and in Australia, this includes the Privacy Act 1988 and the Australian Principles set out in that Act.
Mobile App
Webcare mobile app is certified for both Google Play Store and Apple App Store.
Role-based Permission Access
Webcare uses Role Based Access Control (RBAC) model with unlimited roles as a dedicated security engine and offers secured login access for all levels of administration. Each role is assigned a set of permissions to access certain features and resources of the system. Webcare also supports preventive measures where staff can be locked, revoked, or archived. A locked/revoked/inactive staff cannot log in to the system.
Webcare also offers ‘Client Security Groups’ where organisations can create their own security groups allowing selected staff to only access the assigned clients. There are also special roles to allow staff and clients to view only their own data.
Audit, Alerts
Webcare forms offer audit features where we record the created date-time, created by username, last modified date-time, and last modified by username. An option to track changes can be activated which will maintain different versions of the form as the data is changed.
Webcare also offers alert options where an alert is sent to the key user when a form data is modified including the date-time of modification and what was modified. Webcare also records the last logged-in timestamps and highlights if the login was outside normal hours.
DevOps Methodology
Webcare uses the latest .Net technologies and will continue to be a cloud-based service with support for WCF, MVC and Core .Net. Webcare can integrate with different systems by either using generic data formats (e.g. JSON, CSV, Excel) or by using API integration. The data exchange is supported at the user-interface level and can be dynamically structured as per other third-party systems’ requirements.
Webcare uses Microsoft Team Foundation for version control and DevOps methodologies for collaborative work for development and client-specific enhancements. Our collaborative team (Scrum) is made up of both operations and developers and we employ ISO 27001 standards for Information security management systems (ISMS) and Quality Assurance (ISO 9001) for development.