Better protection for total peace of mind
Enterprise-grade security right from the start
99.99% plus availability
Since our beta launch in November 2019, the total time offline has been 17 minutes – with the majority of downtime caused by the Microsoft authentication service being offline. This represents better than 99.99% availability, exceeding industry best-practice.
Future-proofed to grow with your business
Moving to the cloud is a significant decision. FYI has been engineered using best-practice architecture to ensure the platform scales in the future.
We’re constantly innovating the platform to:
- Enhance your practice efficiency and productivity
- Increase your responsiveness to clients
- Support your practice into the future
You can rest assured that the FYI platform is a good long-term investment.
FYI has been designed using the AWS ‘Well-Architected Framework’, ensuring that the solution is secure, high-performing, resilient, and makes the most efficient use of the AWS infrastructure. Through this partnership and regular technical review with AWS, FYI can guarantee high availability, data redundancy, and government-grade security. As part of the regular software development life-cycle, FYI is routinely load tested to prove it can scale to host the billions of documents required. FYI also undergoes regular penetration testing to identify and eliminate any potential security weaknesses.
Leveraging trusted Windows Authentication
Rather than creating an authentication layer requiring yet another username and password, FYI leverages Microsoft Windows user authentication, which is trusted globally for its high standard of security and reliability. To log into FYI, a user only needs to use their Microsoft 365 username and password.
FYI supports multi-factor authentication (MFA) when implemented as part of Microsoft 365. The decision to apply MFA to FYI depends on the administration of Microsoft 365 in your practice.
FYI works with AWS to have the most up-to-date monitoring and defences against suspicious behaviour, unauthorised attempts to access FYI, potential ‘denial of service’ attacks, and the like.
In the event of an unscheduled outage, business continuity and disaster recovery procedures are initiated to maintain continuous business operations and system performance.
Your data is dynamically backed up by Amazon (AWS) as part of their core service. Amazon provides inbuilt offsite backups, disaster recovery and multi-site synchronisation. We also provide the ability for practices to back up their data locally. Backups are retained for 30 days.
FYI is ISO 27001:2019 certified, an international standard for information security management.
ATO Digital Services Provider
As a Digital Service Provider to the ATO, FYI meets all requirements for authentication, encryption, certification, data hosting, personnel security and security monitoring practices.
We are committed to protecting the personal data and privacy of FYI users in EU and EEA countries by ensuring GDPR (General Data Protection Regulation) compliance.
Encryption in Transit and at Rest
FYI uses the latest in Transport Layer Security encryption on all requests sent between client and server (TLS v1.3, with v1.2 available if needed). Comprehensive system controls have been implemented to prevent cross-site scripting and SQL injection attacks. This ensures your information is safe while in use by the FYI client applications or sitting idle on our servers.
Unique Encryption Keys
FYI uses unique encryption keys for each subscription, ensuring that each practice has its own layer of protection from unauthorised access. All data stored in FYI is encrypted with AES-256, using keys specific to each subscription. This is an industry-leading approach to data security that is unique to FYI.
FYI engages external consultants to perform annual security assessments including penetration tests.
Administrative Data Access
Access to production databases is strictly controlled and limited to users with a need to access production data for customer support or problem resolution. On request, FYI will securely delete a customer’s data.
In-app user permissions allow you to control what data a user can access and what company-wide actions and settings can be controlled.
Your practice retains complete ownership rights of the content you upload to FYI. If you wish to cease using FYI and end your subscription, you can export your documents to a Windows Explorer directory structure.
Your data is being replicated to multiple data centres and backed up in case of disaster.
In the case of a Disaster Recovery event, the maximum period of modified data that could be lost is 5 minutes. The maximum time expected to restore data and service is 30 minutes. FYI’s Disaster Recovery is tested on a quarterly basis.
Our incident management process ensures we rapidly respond to security events that may affect the integrity or availability of the FYI platform and the data stored within it. Events that affect customers are given the highest priority.
All FYI data is stored in Amazon’s AWS data centres in Sydney and London, including their disaster recovery sites. AWS is ISO 27001 compliant and provides inbuilt offsite backups, multi-site synchronisation and disaster recovery.
Each practice’s documents are stored in its own discrete store within AWS. The documents for every practice are encrypted using a unique set of public/private keys to ensure no other practice can access them without authorisation.