Information and Cyber Security

Secure Cloud hosting backed by Microsoft Azure

Build

LogiqcQMS is an ASP.NET cloud-based platform written in C#, with a SQL Server Database. The web interface is Vue.js (Logiqc v5 is an SQL/.Net application). The platform is delivered as a single tenancy solution with each tenant’s data isolated from one another and backed up separately. Our development partner is Dialog Information Technology, one of Australia’s leading technology services organisations trading nationally from offices across Australia and Asia.

Delivery

LogiqcQMS is hosted in the cloud in a Microsoft Azure data centre in Sydney, Australia. This environment is managed by CNS Australia.

We partner with leading providers to develop and deploy the system as a “Software As A Service” (SaaS) platform. The SaaS subscription fee includes backup, database maintenance, infrastructure maintenance, regular feature updates and bug fixes, and online helpdesk and ticket-based support for all users.

System requirements and capacity

LogiqcQMS is a hosted service and does not require applications to be installed locally to run. It operates on most internet-enabled devices including desktop and laptop computers, tablets and smartphones. LogiqcQMS is compatible with the current versions of most browsers, such as Google Chrome, MS Edge, Mozilla Firefox, and Safari. Note that because Microsoft is reducing support for the IE 11 browser, IE 11 may not provide an optimal experience when used with LogiqcQMS and is not recommended.

The number of documents and register items that can be added to the system is unlimited; however, there is a storage cap of 10GB for the entire database, which can be reviewed if reached (additional storage fees may apply). The IIS service will limit individual document sizes to 30MB.

Governance

Logiqc prioritises security, integrity, and availability of client data and has a suite of documented policies and procedures in place.

Logiqc Pty Ltd is certified against the ISO 9001:2015 Quality Management Systems standard. Dialog Information Technology is certified against the ISO 9001:2015 Quality Management Systems standard. CNS Australia is certified against the ISO IEC 27001:2013 Information Security Management System standard.

Supplier Management

Logiqc utilises CNS as an MSP for cloud infrastructure services and engages Sekuro for penetration testing and software development services. Consistent with ISO requirements, Logiqc conducts annual reviews of key suppliers, and all non-conformities are documented and managed within the company’s quality management system. These suppliers are managed through a combination of contracts and SLAs.

Data Ownership

The platform is owned and designed by Logiqc Pty Ltd. All client-originated data created and stored in the platform remains the property of the client and can be provided if required (native files and .csv) upon the termination of the subscription.

Data security

SSL (Secure Sockets Layer) is used by LogiqcQMS to secure the data transmitted between the user and the LogiqcQMS application. SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Physical and Environmental Security Controls

Physical devices containing client data exist only in the Azure cloud and are protected via Microsoft’s protocols. Internal policy controls disallow all employees, vendors and contractors from utilising printed copies, USB drives and CD ROMs for output and storage of confidential information. The platform features assigned RBAC permissions to prevent users from exporting and printing data.

Network Security Controls

Network security policies include leading anti-virus solutions, encryption, firewall, an Intrusion Detection System (IDS) and Intrusion Protection System (IPS) in conjunction with third-party penetration testing to ensure network security.

Anti-Malware Controls

Qualys and Windows Defender Advanced Threat Protection are implemented for daily vulnerability scanning, detection and protection. Vulnerability scans are also conducted on a continuous basis.

Backup and Recovery

The LogiqcQMS application hosted in Microsoft Azure Australia East Region (Sydney) is configured for disaster recovery via Global Replication into Microsoft Azure Australia Southeast (Melbourne). Full VM snapshots are backed up every 7 days, SQL databases are backed up every 24 hours and transaction logs are backed up every 4 hours. All backups are replicated to Melbourne for DR. RPO (Restore Point Objective) achieved is <4 hours and RTO (Restore Time Objective) achieved is <6 hours, subject to the nature of the event. Data is replicated in near real time between Sydney and Melbourne to ensure minimal data loss in the event the primary data centre is not functioning.

Security Testing

Second-party penetration testing as required by code change is conducted as part of testing. Industry-recognized third parties are also employed to perform penetration tests as warranted by technology or design change.

DR testing is conducted annually to ensure failover policies and procedures for continuity of service are accurate and effective.

Encryption of Data in Transit and at Rest

Sensitive interactions with LogiqcQMS (e.g. API calls and authenticated sessions) are encrypted in transit with TLS version 1.2 and 2048-bit keys or better. Stored data is encrypted at rest, as is platform data, using AES-256 encryption. User passwords are hashed following industry best practices and are encrypted at rest. Data in transit with clients is encrypted with SSL.

Password Controls

Access to assets and associated facilities is limited to authorised users, processes, or devices, and to authorised activities and transactions. Minimum password complexity is enforced, including two-factor authentication for access to customer financial and account information. Platform access for Logiqc staff requires a password with an 8-character minimum, upper and lower case, and one special character.

Incident Management

Logiqc Pty Ltd works with its technical partners to address business disruptions from the initial disaster response through to the point at which normal business operations are resumed.

MSP SLAs including incident management protocols are in place. Clients are advised should an incident that impacts confidentiality, integrity or availability of client information arise. Incident detection and management policies are also in place. Within the hosted environment, crisis management is controlled by Microsoft and is managed in accordance with local Azure Cloud protocols. Crisis coordination is managed by Logiqc Pty Ltd in conjunction with relevant vendors 24/7. Clients initiate incident reports via support tickets with the Logiqc Support team.

Privacy Policy

The privacy policy is published in detail on Logiqc’s public-facing website at https://logiqc.com.au/privacy-policy