Delivered from the World’s Leading Technology Infrastructure
Our primary services are delivered via Amazon Web Services, the world’s leading provider of technical infrastructure. More than a million customers in 190 countries, including over 2,000 government agencies, 5,000 educational institutions, and 17,500 nonprofits, trust AWS every day with their operations, data, and infrastructure. AWS operates more than 10x the infrastructure of the next 14 hosting providers combined and is growing at a rapid rate. At this time, all of our infrastructure operates from within the Amazon EU Region (Ireland), and all data resides within the Amazon EU Region (Ireland).
High Availability and Redundancy
We operate a fully redundant mirror infrastructure in a separate AWS availability zone to which we can failover if necessary. The second AWS availability zone is geographically separate and receives a copy of transactions and data operations performed on our primary cluster in “real time”. In the unlikely event of a total failure at our primary provider, we can transition operations to the secondary location within minutes.
Data Center Security
Our providers have an impressive security track record for safeguarding your data and operations. Our providers meet or exceed the following standards:
- ISO 27001
- ISO 27002
- PCI Security Standards
- Privacy Shield Certified
- HIPAA Compliant (have signed a Business Associates Agreement with Administrate)
Backups and Disaster Recovery
All critical systems are backed up nightly in addition to our mirror system. All customer data is backed up nightly in addition to being replicated in “real time” to our mirror system. Backups are tested weekly. We have the ability to take additional “snapshots” of a system before making changes so that we can revert in the event of an unexpected outcome. Backups are taken nightly, encrypted, and securely transmitted and stored within Amazon S3, which stores the data on no fewer than three physically independent devices for durability. Backups are customer specific, and data is not commingled.
Administrate is GDPR compliant. Our agreements with our customers contain specific language identifying how we process and control data on your behalf. In summary, Administrate clients are the nominated Data Controller, and Administrate is the nominated Data Processor. We maintain a list of the Subprocessors we use on this page.
Administrate is ISO 27001:2013 Certified
Administrate has achieved ISO 27001:2013 certification. The certification and audit were performed by Coalfire, a cybersecurity audit firm with more than 16 years of experience and more than 1,400 government and commercial clients.
The US subsidiary of Administrate has been certified for the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. These were designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce. You can find Administrate’s certification record here.
Service Monitoring and Reporting
We have several different levels of application monitoring to ensure that services are being rendered according to acceptable performance standards.
- We provide a public operational service status page which documents our historical uptimes and provides information in the event of a service disruption.
- We use uptime monitoring by a third party (Pingdom), which notifies us when external services slow down or fail.
- Internal application instrumentation on server loads and performance, in case resources are consumed at unusual rates.
- We provide the status of unusual or degraded operations via our operations Twitter account: @Adm1nistrateOPS
Application and Data Security: A Top Priority
We employ many different layers of security to keep your data safe. These security policies and processes follow industry best practices whenever possible and are periodically reviewed for conformance and compliance.
- All authentication and data transfer is fully encrypted and conducted via TLS (the successor to SSL).
- We employ firewall protections that prevent unauthorised users from attempting to connect to us.
- We have separate privileges for customer data and application access, and customer data is not commingled.
- We employ an industry-leading third-party security scanning service to audit our externally facing infrastructure daily for possible security threats.
- Source Code Management is employed for all applications and development processes.
- Application source code is hosted using an industry-leading secure, third-party source code repository.
Current Data Subprocessors
This is the current list of Data Subprocessors we use to deliver the Administrate service. From time to time we will update this list. If you’d like to be notified when we add or change an item on this list, please fill out the form here.
- Amazon Web Services – used for our development, testing, and production infrastructure environments.
- Raygun – used to monitor our infrastructure and assist with error detection and reporting.
- Sendgrid – used for email communications.
- Twilio – used for SMS communications.
- New Relic – used to monitor our infrastructure and assist with error detection and reporting.
- Sentry.io – used to monitor our infrastructure and assist with error detection and reporting.
- Pendo – used for in-app messaging, notifications, and communications with customers.
Service Level Agreement (SLA)
Our goal for system uptime is 100% each month, outside of scheduled downtime. We normally try to keep scheduled downtime to less than an hour each month. If we fail to achieve 99.9% uptime, measured monthly, we will issue pro-rata credit for your monthly subscription fees. This equates to no more than 40 minutes of unscheduled downtime in any given month.