Security
Protecting your data
Ensuring we are protecting our customers is critical to us. If you identify a security concern with our website or services, please report it to us immediately and help us keep our environment secure. See our responsible reporting policy for more information and guidance on contacting us.
We’re committed to the security of our customers’ data and provide multiple layers of protection for the personal and company information you trust to Assignar.
You control access
As an Assignar customer you have the flexibility to invite unlimited users into your account to collaborate on your data, and the person that holds the subscription has control over who has access and what they are able to do. Our customer support staff cannot access your information unless you invite them to help. Please see our privacy policy for further information.
User authentication
We provide standard access to the Assignar software through a login and password.
Data encryption
We encrypt all data that goes between you and Assignar using industry-standard TLS (Transport Layer Security), protecting your personal and company data. Your data is also encrypted at rest when it is stored on our servers, and encrypted when we transfer it between data centres for backup and replication.
Network protection
Assignar takes a “defence in depth” approach to protecting our systems and your data. Multiple layers of security controls protect access to and within our environment, including firewalls, intrusion protection systems and network segregation. Assignar’s security services are configured, monitored and maintained according to industry best practice. We partner with industry-leading security vendors to leverage their expertise and global threat intelligence to protect our systems.
Secure data centres
Assignar’s servers are located within Amazon Web Services hosting facilities that employ robust physical security controls to prevent physical access to the servers they house. These controls include 24/7/365 monitoring and surveillance, on-site security staff and regular ongoing security audits. Assignar maintains multiple geographically separated data replicas and hosting environments to minimise the risk of data loss or outages.
Security monitoring
Assigvnar’s Security team continuously monitors security systems, event logs, notifications and alerts from all systems to identify and manage threats.
Security assurance
Always there
Assignar is there when you need it, regardless of the day or time, or where you happen to be.
Best in class availability
Assignar delivers best-in-class availability. We use multiple redundancy technologies for our hardware, networks, data centres and infrastructure. These ensure that if any component fails, Assignar will keep on running – with little or no disruption to your service.
Built to perform at scale
Assignar has been designed to grow with your business. Our high performance infrastructure and networks ensure we can deliver quality service to you and our hundreds of thousands of other users.
Disaster recovery and readiness
Assignar performs real-time data replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should even an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup site to keep Assignar and your business running. We transmit data securely, across encrypted links.
Constant updates and innovation
We’re constantly enhancing Assignar, delivering new features and performance improvements. Updates are delivered frequently, with the majority of them being delivered without interrupting our service and disrupting users.
Your online safety
We design security into Assignar from the ground up. However, there can be risks to working and playing online. Whether you’re shopping, banking, doing your accounts, or simply checking your email, cyber criminals and scammers are always looking for ways to steal money or sensitive information.
There are precautions you can take to reduce the risks and help keep you safe from harm online. Take a few minutes to read our introduction to cloud security, and see below for information about how to identify and deal with scams and malicious ‘phishing’ emails.
Phishing and malicious emails
A phishing email is a favoured way for cyber criminals to get access to your sensitive information, such as your usernames and passwords, credit card details, bank account numbers, etc. This kind of email may look as if it has come from a trustworthy source, but will attempt to trick you into:
- clicking on a link that will infect your computer with malicious software
- following a link to a fake (but convincing looking) website that will steal your login details
- opening an attachment that will infect your computer.
Once you are hooked, the cyber criminal may be able to steal or extort money from you, or gather sensitive personal or business information that they can use for other attacks. However, you can protect yourself and your business by being aware of these scams, and by knowing what to look for that may help you identify a malicious email:
- Incorrect spelling or grammar: legitimate organisations don’t always get it 100% right, but be suspicious of emails with basic errors.
- The actual linked URL is different from the one displayed – hover your mouse over any links in an email (DON’T CLICK) to see if the actual URL is different.
- The email asks for personal information that they should already have, or information that isn’t relevant to your business with them.
- The email calls for urgent action. For example, “Your bank account will be closed if you don’t respond right away”. If you are not sure and want to check, then go directly to the bank’s website via the URL you would normally use, or phone them. Don’t click on the link in the email. The email says you’ve won a competition you didn’t enter, have a parcel waiting that you didn’t order, or promises huge rewards for your help. On the internet, if it sounds too good to be true then it probably isn’t true.
- There are changes to how information is usually presented, for example an email is addressed to “Dear Sirs” or “Hello” instead of to you by name, the sending email address looks different or complex, or the content is not what you would usually expect.
These are just a few of the things to watch out for. There’s a lot more information and tips available on the web. But even if there’s nothing specific you can point to, the email may just not “feel” right. Trust your instincts, and don’t get hooked.
If you suspect you’ve received a phishing or malicious email, and it says it’s from Assignar or uses Assignar’s logo, do not click on anything in the email – please report it by forwarding the email to phishing(at)assignar.com.
Try to avoid a phishing attack by following these rules
If you receive a suspicious email make sure you:
- DO NOT CLICK on any link or attachment contained in the email.
- DO NOT REPLY to the email.
- Report the email by forwarding it to phishing(at)assignar.com if it is Assignar-branded.
- Delete the email.
- Update your anti-malware (anti-virus, anti-spyware) and run a full scan on your computer.
Data Protection and Security Certifications
INFORMATION SECURITY POLICY STATEMENT
The security of information in all its forms is of the utmost importance to Senior Management. We acknowledge that as an organization, we can minimize information security risks through the preservation of confidentiality, integrity, and availability of information. This gives confidence to interested parties that risks due to potential incidents are adequately managed. Our ultimate goal to continually improve Information Security Management System performance within the business.
In order to achieve this, the following information security objectives have been established:
- Strategic and operational information security risks are understood and treated to be acceptable to Assignar
- The confidentiality of client information, product development, and marketing plans is protected
- The integrity of company records is preserved
- Public web services and internal networks meet specified availability standards
To achieve these objectives, we shall act to:
- Communicate this policy to all existing employees and to new employees upon commencement
- Comply with all legislative and other requirements which are relevant to Assignar
- Make our commitment to information security and confidentiality visible to all interested
- parties
- Maintaining a Management System which meets the requirements of ISO 27001:2013.
This policy is the overarching statement of Assignar’s commitment to information security which is supported by an Integrated Management System that encompasses additional policies that cover specific information security topics. This policy, together with the objectives and targets set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to be operations of Assignar.
Ongoing Support
In addition to paragraph 5 of the below SLA, Assignar will provide unlimited ongoing customer support via the Customer Success Manager assigned to Mammoet Australia.
Service Level Agreement
This section outlines the service levels to be provided in the delivery of Assignar. It also provides service delivery parameters, against which the delivery of SaaS will be evaluated. Based on this evaluation, Customer may be entitled to an adjustment to the Service Credits for the contracted services.
- Service uptime commitment
For the purpose of measuring the quality of service that Assignar is delivering to Customer, Assignar provides the following commitment:
Assignar will provide Customer access to the SaaS production application on a twenty-four hour, seven days a week (24×7) basis at a rate of 99.9 % (“SaaS Services Uptime Metric”).
The SaaS Services Uptime Metric commences on the Go Live Date. “The Go Live Date” is the date at which Assignar has concluded end-user testing, Assignar has prepared production environment, Customer has become familiar with the software, and at which point the Customer end-users access the production environment with production data.
2. Measurement method
The SaaS Services Uptime Metric shall be measured using Cloudnexa monitoring tools. This monitoring software will run from more than one global locations with staggered timing.
On a quarterly basis, the SaaS Services Uptime Metric will be measured using the measurable hours in the quarter (total time minus planned downtime, including maintenance, upgrades, etc.) as the denominator. The numerator is the denominator value minus the time of any outages in the quarter (duration of all outages combined) to give the percentage of available uptime (2,198 actual hours available / 2,200 possible available hours = 99.9 availability). An “outage” is defined as two consecutive monitor failures within a five-minute period, lasting until the condition has cleared.
3. Boundaries and exclusions
The SaaS Services Uptime Metric shall not apply to performance issues caused by the following:
- Overall Internet congestion, slowdown, or unavailability
- Unavailability of generic Internet services (e.g. DNS servers) due to virus or hacker attacks
- Force majeure events
- Actions or inactions of Customer (unless undertaken at the express direction of Assignar) or third parties beyond the control of Assignar
- A result of Customer equipment or third-party computer hardware, software, or network infrastructure not within the sole control of Assignar
- Scheduled SaaS infrastructure maintenance
In addition to scheduled SaaS infrastructure maintenance, as defined in the Software as a Service data sheet and the terms, upgrades, and patches that occur approximately four times per year may require downtime in addition to the scheduled maintenance. The downtime will be scheduled in advance and coordinated with Customer.
4. Software-as-a-Service credits
Assignar’s exceeding, meeting, or failing to meet the SaaS Services Uptime Metric as measured over any quarter may be reflected in adjustments to the duration of the initial contract year for SaaS pursuant to the following schedule (“Service Credits”):
Between 99.9% – 100%
Meets goals
Between 99.0% – 99.8%
Tolerable
Five (5) day extension of term of the SaaS at no cost to Customer
Below 99.0%
Unacceptable
Ten (10) day extension of term of the SaaS at no cost to Customer
SaaS Ratings below 99% for a quarter shall be escalated by both parties to the executive level (or equivalent), as outlined in this schedule.
The SaaS Service Credits shall be cumulative and extend the initial term of the SaaS agreements at no cost to Customer. Therefore, any renewal of SaaS agreement shall be effective after SaaS Service Credits have been fully utilized.
The annual Service Credits are capped at thirty (30) days per annum.
5. Customer support
Assignar technical support is available from 6:00 am to 18.00 am (AEST, AWST, ACST) Monday through Friday, excluding all holidays.
The support is provided via the Support portal which is integrated with the Dashboard. Requests for support will be fulfilled based on priorities (Critical, High, Medium, Normal) which are determined by urgency and level of impact. New feature requests are NOT included in customer support.
Service Level response times to service requests are measured once a request is submitted via the Dashboard Support portal. Other forms of contact may affect the ability of Assignar Support to meet the requests in a timely fashion. Examples include:
- Direct emails to individual support personnel
- Direct phone calls to individual support personnel
6. Response times
The response time measures how long it takes the Assignar to respond to a support request raised via the Assignar’s Support portal.
Assignar is deemed to have responded when it has replied to the Customer’s initial request. This may be in the form of an email or telephone call, to either provide a solution or request further information.
Guaranteed response times depend on the severity of the issue. They are shown in this table:
Fatal | Severe | Minor |
---|---|---|
15 minutes | 30 minutes | 60 minutes |
7. Severity levels
The severity levels shown in the tables above are defined as follows:
Fatal (Level 1): Complete degradation — all users and critical functions affected. Item or service completely unavailable.
Severe (Level 2): Significant degradation — a large number of users or critical functions affected.
Minor (Level 3): Limited degradation — a limited number of users or functions affected. Business processes can continue.
8. Measurement and penalties
Response times are measured using the supplier’s support ticketing system, which tracks all issues from initial reporting to resolution.
It is vital the Customer raises every issue via this system. If an issue is not raised in this way, the guaranteed response time does not apply to that issue.
If the supplier fails to meet a guaranteed response, a penalty will be applied in the form of a credit for the Customer.
This means the following month’s fee payable by the Customer will be reduced on a sliding scale.
The level of penalty will be calculated depending on the number of hours by which the supplier missed the response time, minus the downtime permitted by the SLA:
Severity level
Penalty per hour (Prorated to the nearest minute)
1
5% of the total monthly fee
2
2% of the total monthly fee
3
1% of the total monthly fee
Important notes:
- Response time penalties in any month are capped at 50% of the total monthly fee
- Response times are measured during working hours (8 am — 6 pm AEST, AWST, ACST). For instance, if an issue is reported at 6.00pm with a response time of 60 minutes, Assignar has until 9:00 am the following day to respond.
9. Minimum Requirements
The required configurations for access to Assignar include:
- Internet connection with adequate bandwidth
- Google Chrome Internet Browser
- Please confirm with Assignar on requirements for Apple iPhone or iPad running iOS version
- Please confirm with Assignar on requirements for Android Tablet or Phone with minimum 1GB RAM