Terms of Service

Overview

Foundry hosting is intended for customers who require low operational costs for their business applications and will not be negatively impacted should the application be unavailable for a period.

Hosting for higher availability applications on alternate hosting providers is available, please contact Biz Hub Australia (BHA) for details.

BHA is continually improving the Foundry Hosting service to increase application availability and data protection for the same low-cost monthly service fee.

Backup

Skyve applications hosted by BHA for our Australian customers reside in a secure Data Centre, usually in Sydney unless another Data Centre is preferred. Production applications are configured with an application backup that retains 7 days of rolling backups, 3 previous weeks and 2 previous months (this is user configurable). Backups remain in the selected Data Centre and are not replicated to an alternate location automatically unless offsite backup options are selected (see below). In addition to the application backups, the Data Centre maintains two days of virtual machine snapshots to recover from hardware failures.

Backups can be exported (zip file) and stored by the client if required. Backup zip files contain CSV format files for relational data and upload attachments and non-SQL data items are stored in their native format — not a BHA proprietary or blob format — and so are accessible for consumption by other systems if required.

Offsite Backup Option

If Data Centre redundancy is required, Skyve application backups can be stored in Microsoft Azure blob storage. This provides a full redundant copy of all the application backups, which can be stored in a different Data Centre or different country as required.

Change Management

Planned changes to the application will be implemented using the customers' change management policy or if no policy exists, using an approach proposed by BHA that will minimise the impact to the users.

Data Protection

Access controls - BHA have controls in place to ensure that only authorised staff have access to sensitive customer data. This access is reviewed regularly as part of our quality management process.

Data encryption - BHA application data is encrypted during transit using TLS. Additional HSTS protection can be enabled on a per-application basis if required. If encryption at rest is a requirement for the sensitivity of an application’s data, data can be hosted in a HIPPA-compliant data centre (e.g. Los Angeles, Miami, San Jose).

Data retention and disposal - Client application data within backups is retained per a configurable rolling backup period, by default only going back two months. A full backup of the virtual machine is only available for 2 days. Application data is retained indefinitely to ensure the consistency of the data within the application. This behaviour can be modified if required on a per-application basis (additional charges apply).

Incident response - BHA’s Cyber Security Policy details the steps required whenever a Cyber Security incident is detected this includes steps to mitigate the impact of the incident and prevent future incidents.

Training and awareness - BHA is working on continually improving how staff are trained on the proper handling of personal and sensitive data as part of its quality management process. Staff are aware of their responsibilities under the data protection policy as part of their onboarding and regular reviews.

Data transfer controls - BHA have developed our own “secure drive” to ensure the safe and protected transfer of client data between ourselves, the client and any third parties who may require access. Wherever possible, BHA works with obfuscated data sets during development to minimise the transfer and storage of client data onto the BHA network or devices.

Auditing and monitoring - The corporate BHA application keeps a record of which staff have access to which client data and may have a copy of it on their personal devices. Deleting client data from personal devices is part of the project completion checklist performed at the end of client projects as part of our quality management process.

Patch Management Policy

BHA's Customer Success Packages include at least one scheduled Skyve platform update per annum to keep the application current, this can be delivered in conjunction with application enhancements or at another agreed time.

BHA can implement additional Skyve Upgrades upon agreement with the customer or as needed if other development work is being undertaken.

Scheduled Outages

Any scheduled or planned outage will be coordinated with the customer to ensure minimal impact on the customer and users, we will use the customer's change management policy.

Security Incident Plan

The steps required whenever a Cyber Security incident is detected are as detailed in BHA’s Cyber Security Policy.

Vulnerability Management

We perform static code analysis and security vulnerability dependency management on applications we build for our customers. This ensures new applications are less likely to introduce new security vulnerabilities, and we made aware of any new emerging threats as they are discovered.

Customer and our own commissioned software and network penetration tests are routinely undertaken, the results are analysed, and any vulnerabilities are remediated as applicable to the Skyve platform and specific projects. Issues identified and remediated at the platform level are then available for subsequent platform updates to all projects.

Zero Day vulnerabilities are turned around usually via a patch to all supported versions as fast as possible typically within 48 hours. We will advise customers in this case, and it is up to the customer to determine when updates for patches can be applied to their production environments.

We monitor for other security vulnerabilities based on our software dependencies and analyse them immediately as they arise and a plan is devised based on the severity and risk, the size of the attack surface, the number and coupling of the dependency points, and whether the attack vector can succeed within its deployment in the Skyve software stack.

Application and project vulnerabilities are discovered from time to time, these are remediated within the change management context of the customer.

Contact Us

If you have any questions about these Terms, please contact us.

These terms were last updated on 12th April, 2023.