Webcare Services and Data Security

In the wake of recent ransomware attacks on the health and financial sectors, we wanted to reach out to you and reiterate our ongoing commitment towards the security of your data.

Datacentre

Webcare is hosted in a High-Availability High-Performance dedicated VLAN datacentre in Auckland. All your data is always domiciled in New Zealand and we adhere to the NZ privacy policy principles.

The private datacentre facility is fire-proof with VESDA 3-stage smoke detection alarm system, leak-proof PEX piping for cooling, and is monitored 24x7 every day of the year with CCV, network cameras, and independent biometric access. The physical server availability is continuously monitored and if any failure is detected within the Webcare cloud, the VMs are automatically managed without any manual intervention. There is no single point of failure.

Data Redundancy

The data centre is built on a five-point rating VMware vSphereESXi Hypervisor. Your data is stored on a secure, clustered vSAN array which replicates your data to numerous disks and multiple physical servers. Our enterprise vSAN can sustain multiple simultaneous failures without any noticeable difference in service. This offers end-to-end data redundancy with no single point of failure.

Backups

All the databases are backed up every night with “full” recovery option which allows us to restore the entire image for any disaster recovery. This gives us a reliable DR option in comparison to incremental backups.

For complete disaster recovery, all the VMs are also backed up every night and they can be migrated non-disruptively to other hosts for disaster recovery. The managed backups are maintained off-site daily for 14-days for any rollback and the recycle bin is kept for 30-days.

Data Retention

We do not impose any limit on the duration of Data Retention.

Privacy Policy

We operate in multiple jurisdictions, currently Australia and New Zealand, and are bound by the respective privacy laws in those jurisdictions. In New Zealand, this includes the New Zealand Privacy Act 2020 and the information privacy principles set out in that Act; and in Australia, this includes the Privacy Act 1988 and the Australian Principles set out in that Act.

Network Security

For network security, we use SSL certificates (similar to online banking), advanced firewall, Intrusion Prevention System, and Layer-7 load balancer support.

Platform Security

As per New Zealand Information Security Manual (NZISM) guidelines for the standard operating environment (SOE), we maintain the required technical security standards to secure your data. Our entire server cluster is regularly patched and updated.

All the critical security patches are applied immediately and the recommended updates are applied after internal testing. The updates are applied on both the Operating System level and per Service and Application level.

Releases, Updates & Versions

We have three different test levels for Quality Assurance, which based on the hierarchy, test every update and patches. Once approved, these updates are then applied to your database. Your database will always be kept up-to-date to the latest version and no action is required from your side.

In addition to the regular updates at both OS and application levels, we have also set up advanced security to protect individual databases including updatable machine keys, encryption, hash functions, and SSL security.

Additional Steps

We have recently added an additional advanced firewall. The advanced firewall, powered by Fortinet, provides Intrusion & Data Leak Prevention and Anti-Botnet protection. We have also provisioned a separate platform server that can act as a hotswap in case of any disaster recovery.

In summary, we have invested heavily to secure your data from both physical and network access with contingency plans for any disaster recovery.