SECURITY AND RELIABILITY

Better protection for total peace of mind

Protecting your files in the Cloud is our top priority. Rest assured, knowing your client's data has the highest levels of protection and availability – no matter what.

Born in the cloud and bulletproof!

Secure
Highest levels of data encryption and data security
Reliable
99.99% uptime
Future Proof
Engineered for long-term scalability

99.99% plus availability

Since our beta launch in November 2019, the total time offline has been 17 minutes – with the majority of downtime caused by the Microsoft authentication service being offline. This represents better than 99.99% availability, exceeding industry best practice.

    Future-proofed to grow with your business

    Moving to the cloud is a significant decision. FYI has been engineered using best-practice architecture to ensure the platform scales in the future.

    We’re constantly innovating the platform to:

    • Enhance your practice efficiency and productivity
    • Increase your responsiveness to clients
    • Support your practice into the future

    You can rest assured that the FYI platform is a good long-term investment.

      Architecture

      FYI has been designed using the AWS ‘Well-Architected Framework’, ensuring that the solution is secure, high-performing, resilient, and makes the most efficient use of the AWS infrastructure. Through this partnership and regular technical review with AWS, FYI can guarantee high availability, data redundancy, and government-grade security. As part of the regular software development life-cycle, FYI is routinely load tested to prove it can scale to host the billions of documents required. FYI also undergoes regular penetration testing to identify and eliminate any potential security weaknesses.

      Authentication

      Leveraging trusted Windows Authentication
      Rather than creating an authentication layer requiring yet another username and password, FYI leverages Microsoft Windows user authentication, which is trusted globally for its high standard of security and reliability. To log into FYI, a user only needs to use their Microsoft 365 username and password.

      Multi-Factor Authentication
      FYI supports multi-factor authentication (MFA) when implemented as part of Microsoft 365. The decision to apply MFA to FYI depends on the administration of Microsoft 365 in your practice.

      Availability

      24/7 Protection
      FYI works with AWS to have the most up-to-date monitoring and defenses against suspicious behaviour, unauthorised attempts to access FYI, potential ‘denial of service’ attacks, and the like.

      Service Recovery
      In the event of an unscheduled outage, business continuity and disaster recovery procedures are initiated to maintain continuous business operations and system performance.

      Backup

      Your data is dynamically backed up by Amazon (AWS) as part of their core service. Amazon provides inbuilt offsite backups, disaster recovery and multiple sites synchronisation. We also provide the ability for practices to back up their data locally. Back-ups are retained for 30 days.

      Certification and Compliance

      ISO27001:2019 Certified
      FYI is ISO 27001:2019 certified, an international standard for information security management.

      ATO Digital Services Provider
      As a Digital Service Provider to the ATO, FYI meets all requirements for authentication, encryption, certification, data hosting, personnel security and security monitoring practices.

      GDPR Compliant
      We are committed to protecting the personal data and privacy of FYI users in EU and EEA countries by ensuring GDPR (General Data Protection Regulation) compliance.

      Privacy
      FYI complies with privacy laws in Australia, New Zealand and the UK. We are committed to preventing unauthorised access to or disclosure of customer information.

      Data Security

      Encryption in Transit and at Rest
      FYI uses the latest in Transport Layer Security encryption on all requests sent between client and server (TLS v1.3, with v1.2 available if needed). Comprehensive system controls have been implemented to prevent cross-site scripting and SQL injection attacks. This ensures your information is safe while in use by the FYI client applications or sitting idle on our servers.

      Unique Encryption Keys
      FYI uses unique encryption keys for each subscription, ensuring that each practice has its own layer of protection from unauthorised access. All data stored in FYI is encrypted with AES-256, with specific keys applied to every subscription. This is an industry-leading approach to data security that is unique to FYI.

      Penetration Testing
      FYI engages external consultants to perform annual security assessments including penetration tests.

      Administrative Data Access
      Access to production databases is strictly controlled and limited to users with a need to access production data for customer support or problem resolution. On request, FYI will securely delete a customer’s data.

      User Permissions
      In-app user permissions allow you to control what data a user can access and what company-wide actions and settings can be controlled.

      Data Ownership
      Your practice retains complete ownership rights of the content you upload to FYI. If you wish to cease using FYI and end your subscription, you can export your documents to a Windows Explorer directory structure.

      Data Processing Agreements
      FYI has created a GDPR-ready Data Processing Agreement should you require EU-compliant contractual protections. The FYI Data Processing Addendum (“DPA”) describes the data protection obligations between the Customer and FYI (“Data Processor”) for the Service delivered by FYI. Data Processing Agreements are available for our customers should they be required.

      Disaster Recovery

      Your data is being replicated to multiple data centres and backed up in case of disaster.

      Service Recovery
      In the case of a Disaster Recovery event, the maximum period of modified data that could be lost is 5 minutes. The maximum time expected to restore data and service is 30 minutes. FYI’s Disaster Recovery is tested on a quarterly basis.

      Incident Management
      Our incident management process ensures we rapidly respond to security events that may affect the integrity or availability of the FYI platform and the data stored within it. Events that affect customers are given the highest priority.

      Hosting

      All FYI data is stored in Amazon’s AWS data centres in Sydney and London, including their disaster recovery sites. AWS is ISO27001 compliant and provides inbuilt, offsite backups, multiple sites synchronisation and disaster recovery.

      Each practice’s documents are stored in its own discrete store within AWS. The documents for every practice are encrypted using a unique set of public/private keys to ensure no other practices can access unauthorised information.

      ISO 27001 Compliance

      FYI is proud to be ISO 27001 compliant. This internationally recognized standard ensures that our information security management system (ISMS) meets rigorous requirements for data protection, risk management, and continuous improvement.

      Essential Eight

      In partnership with CS1 Group, FYI has implemented the Essential Eight mitigation strategies as a baseline to protect against cyber threats. The Essential Eight is a set of strategies designed to help organizations strengthen their cybersecurity posture and mitigate common security risks.

      By using the Essential Eight as a foundational element of our security policies, we ensure that our practices are aligned with industry best practices and provide robust protection against potential threats.
