How did we get here?
Back in the 1900’s… okay, we’re not that old. Back in 1999, our founder realized the only way to get health and safety advice came at a high cost through private consultants. It was in that moment Systems 24-7 was born. We believe in providing expert advice and guidance at an affordable rate so that every organization can have an effective health and safety program.
How did we get here?
Back in the 1900’s… okay, we’re not that old. Back in 1999, our founder realized the only way to get health and safety advice came at a high cost through private consultants. It was in that moment Systems 24-7 was born. We believe in providing expert advice and guidance at an affordable rate so that every organization can have an effective health and safety program.
IMPORTANT UPDATES
What's New
Past Updates
eLearning Course List
Newsletters
Schedules
Security & Back Up
Upcoming Webinar Schedule
Reseller Updates
SECURITY AND BACK UP
Security
Physical Security:
With the production environment of Systems 24-7 now housed on Microsoft Azures hosting services, Microsoft is now responsible for ensuring the physical security of their servers and our software. To find out more information about Microsoft’s state-of-the-art physical security, please refer to the Microsoft documentation on Azure Physical Security.
For off-site back-ups and non-production environments, our data is stored on local servers located at an undisclosed site behind locked doors and steel server cages and on secured isolated protected drives within the Microsoft networks. This location is only physically accessible by Dunk & Associates’ Ownership and the head of our Technology Department requires both a key and passcode to enter.
​
Digital Security:
Systems 24-7 have multiple layers of security following standard best practices. We have purchased upgraded security from Microsoft and implemented a 7-layer internal security system including Network Firewalls, Application Firewalls, encryptions, and hidden Database servers. All access to the Root of the servers remains behind monitored multi-authenticated VPN from specific point-to-site access. This access is highly restricted to the development and ownership team at Dunk & Associates. Access logs are monitored both manually and automatically for any unauthorized access including real-time alerts and auto lockout procedures. All web-facing client data remains behind internal authentication to the Systems 24-7 application or your Single Sign-On Solutions (SSO) and is segregated from all other data.
All client access is restricted to the usage of SSL Certificates and follows industry standard best practices in cyber security.
​
Vulnerability Testing:
​
Due to the nature of our data, and with some clients being considered mission-critical and confidential, all testing and security evaluations are done in-house by our development and testing team. All access and usage of Systems 24-7 is housed behind its internal authentication or ADFS. In order to do anything or access anything on the platform, a user must first access the platform through the login page.
Systems 24-7 is tested at 4 levels.
-
In Development: After the initial development of a feature or change, the developer in charge of the project reviews their code for vulnerabilities. If a vulnerability is found; it is not “patched”; but analyzed and rebuilt so that the vulnerability would not exist. This process is repeated until the developer’s analysis shows no more vulnerabilities.
-
Staging: Once the development is ready for client functionality testing, it is moved to a staging environment. This staging environment is an exact replica of the live servers, without any client data. Here our internal testing team tests the changes for UI (user interface), UX (user experience), load testing and vulnerability. If any issue is found; the change is rejected and sent back to the development stage.
-
Live: If the development changes pass the 2nd testing level the changes are put live following the Systems 24-7 Update Schedule. At this step, we repeat the same testing steps to ensure nothing is missing in the update schedule process. If testing fails; the changes are reverted while we identify the difference between testing levels 2 and 3. Once testing is passed; the work item is considered a success and closed.
-
Monitoring: Even with development items closed at Step 3; we routinely check the Systems 24-7 application for any sort of issues in the UI, UX, load balancing, speed and vulnerabilities. If any issue is found; it is reported and identified by a developer immediately for patching, then repair following the steps taken in the 3 testing levels above.
All testing notes and work-related topics for each developed item remain within our project tracking application and are reviewed on an annual basis to determine items that can be improved upon. If something has been determined that it can be improved; it is put into the queue for step 1.
Backup
Systems 24-7 Databases backs up daily in full to a local repository to the application. These backups are transferred to an off-site unit weekly and are kept in a secure location for 60 days.
Full Systems 24-7 application backs up daily and are stored for 30 days.
All backups are frequently checked for data retention and recovery.
Monitoring
Systems 24-7 is a fully monitored system to ensure its performance and capacity remain at optimal usage for our clients. Using automated systems, we monitor Systems 24-7 around the clock for:
-
Bandwidth and usage capacity
-
Power consumption
-
User access
-
CPU capacity
-
RAM capacity
-
HHD capacity
-
Hardware performance
-
System errors (auto-emailed to our developers)
Any issues identified by our monitoring systems are flagged, and the appropriate team is notified to ensure it is handled in a timely manner.
Continuity Planning
With the Systems 24-7 production environment hosted on Microsoft Azure hosting services, we have 2 levels of continuity planning in case of emergency. Locally within Microsoft Azure we have redundant servers to quickly fall back to secondary servers that will start off from where the primary servers left off.
Should the Systems 24-7 environment in Microsoft Azure Hosting Services fail for any reason, we have a recurring data transfer out to our backup location every 5 hours updating a 3rd set of servers. From here, we will be able to host Systems 24-7 at full capacity until Microsoft Azure Hosting Services are up and running where we will then update the primary system to full capacity and shift the production environment back to Microsoft Azure Hosting Services.
To ensure the 99.5% up-time Systems 24-7 is fully monitored. Using automated systems, we monitor Systems 24-7 around the clock for:
-
Bandwidth and usage capacity
-
User access
-
CPU capacity
-
RAM capacity
-
SSD capacity
-
System errors (auto-emailed to our developers)
Any issues identified by our monitoring systems are flagged, and the appropriate team is notified to ensure it is handled in a timely manner.
What does this all mean? Dunk & Associates has purchased increased security in Microsoft and with this comes a 99.5% uptime of Systems 24-7 fully monitored per week.