Infrastructure, Data and Security Overview
Last Updated: March 2022
Protecting your data
We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and financial information you trust to OpusXenta.
You control access
As an OpusXenta customer you have the flexibility to invite unlimited users into your account to collaborate on your data, and the person that holds the subscription has control over who has access and what they are able to do.
We provide standard access to the OpusXenta software through a login and password.
The system is divided into layers that separate data from the applications. Users of the application can only access the application features, and not the underlying database or other infrastructure components.
We encrypt all data that goes between you and OpusXenta using industry-standard TLS (Transport Layer Security), protecting your personal and financial data. Your data is encrypted when we transfer it between data centres for backup and replication.
OpusXenta takes an in-depth approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. OpusXenta’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
Secure data centres
OpusXenta’s servers are located within enterprise-grade hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. OpusXenta maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.
ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. The basis of this certification is the development and implementation of a rigorous security program, which includes the development and implementation of an Information Security Management System (ISMS) which defines how our infrastructure service providers perpetually manage security in a holistic, comprehensive manner. This widely-recognized international security standard specifies that they do the following:
- systematically evaluate information security risks, taking into account the impact of threats and vulnerabilities.
- design and implement a comprehensive suite of information security controls and other forms of risk management to address customer and architecture security risks.
- have an overarching management process to ensure that the information security controls meet our needs on an ongoing basis.
The OpusXenta infrastructure service providers have certification of compliance with ISO/IEC 27001:2013, 27017:2015, and 27018:2014. These certifications are performed by independent third-party auditors.
OpusXenta infrastructure service providers are SOC 1, SOC 2, SOC 3 and ISO27001 compliant facilities.
Links to infrastructure and security service provider certifications as follows:
OpusXenta continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.
Best in class availability
With a record of 99% uptime, OpusXenta delivers best-in-class availability. We use multiple redundancy technologies for our hardware, networks, data centres and infrastructure. These ensure that if any component fails, OpusXenta will keep on running – with little or no disruption to your service.
Built to perform at scale
OpusXenta has been designed to grow with your business. Our high performance servers, networks and infrastructure ensure we can deliver quality service to you and our hundreds of thousands of other users.
Disaster recovery and readiness
OpusXenta performs data backups and replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup to keep OpusXenta and your business running. We transmit data securely, across encrypted links.
OpusXenta also maintains multiple sets of backups in locations other than where the live data exists to avoid the very unlikely event of a complete data centre destruction.
In the event of a complete failure of availability, we guarantee a maximum 8-hour disaster recovery service to have you up and running again.
Constant updates and innovation
We’re constantly enhancing OpusXenta, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service or disrupting users.
If OpusXenta becomes aware of a confirmed Security Incident, OpusXenta will inform you without delay by email and will provide reasonable information and cooperation so that you can fulfil any data breach reporting obligations you may have.
OpusXenta would also take reasonably necessary measures and actions to remedy or mitigate the effects of the security incident and to avoid such an incident in the future.
Should you become aware of a security incident, this should be reported without delay to email@example.com
Tip: Your online safety
We design security into OpusXenta from the ground up. However, there can be risks to working and playing online. Whether you’re shopping, banking, doing your accounts, or simply checking your email, cyber criminals and scammers are always looking for ways to steal money or sensitive information.
There are precautions you can take to reduce the risks and help keep you safe from harm online. Take a few minutes to read the information below about how to identify and deal with scams and malicious ‘phishing’ emails.
Phishing and malicious emails
A phishing email is a favoured way for cyber criminals to get access to your sensitive information, such as your usernames and passwords, credit card details, bank account numbers, etc. This kind of email may look as if it has come from a trustworthy source, but will attempt to trick you into:
- clicking on a link that will infect your computer with malicious software
- following a link to a fake (but convincing looking) website that will steal your login details
- opening an attachment that will infect your computer.
Once you are hooked, the cyber criminal may be able to steal or extort money from you, or gather sensitive personal or business information that they can use for other attacks. However, you can protect yourself and your business by being aware of these scams, and by knowing what to look for that may help you identify a malicious email:
- Incorrect spelling or grammar: legitimate organisations don’t always get it 100% right, but be suspicious of emails with basic errors.
- The actual linked URL is different from the one displayed – hover your mouse over any links in an email (DON’T CLICK) to see if the actual URL is different.
- The email asks for personal information that they should already have, or information that isn’t relevant to your business with them.
- The email calls for urgent action. For example, “Your bank account will be closed if you don’t respond right away”. If you are not sure and want to check, then go directly to the bank’s website via the URL you would normally use, or phone them. Don’t click on the link in the email.
- The email says you’ve won a competition you didn’t enter, have a parcel waiting that you didn’t order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn’t true.
- There are changes to how information is usually presented, for example an email is addressed to “Dear Sirs” or “Hello” instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.
These are just a few of the things to watch out for. There’s a lot more information and tips available on the web. But even if there’s nothing specific you can point to, the email may just not “feel” right. Trust your instincts, and don’t get hooked.
If you suspect you’ve received a phishing or malicious email, and it says it’s from OpusXenta or uses OpusXenta’s logo, do not click on anything in the email – please report it by forwarding the email to firstname.lastname@example.org.
Try to avoid a phishing attack by following these rules
If you receive a suspicious email make sure you:
- DO NOT CLICK on any link or attachment contained in the email.
- DO NOT REPLY to the email.
- Report the email by forwarding it to email@example.com if it is OpusXenta-branded.
- Delete the email.
- Update your anti-malware (anti-virus, anti-spyware) and run a full scan on your computer.