Security Overview
Your operations depend on us. We take this responsibility seriously.
Our primary services are delivered via Amazon Web Services, the world’s leading provider of technical infrastructure.
More than a million customers in 190 countries, comprising over 2,000 government agencies, 5,000 educational institutions, and 17,500 nonprofits trust AWS every day with their operations, data, and infrastructure. AWS operates more than 10x the infrastructure of the next 14 hosting providers combined and is growing at a rapid rate. At this time, all of our infrastructure operates from within the Amazon EU Region (Ireland), and all data resides within the Amazon EU Region (Ireland).
We operate a fully redundant mirror infrastructure in a separate AWS availability zone to which we can failover if necessary.
The second AWS availability zone is geographically separate and receives a copy of transactions and data operations performed on our primary cluster in “real time”. In the unlikely event of a total failure at our primary provider, we can transition operations to the secondary location within minutes.
Our providers have an impressive security track record for safeguarding your data and operations. Our providers meet or exceed the following standards:
Administrate has achieved ISO/IEC 27001:2013 certification. The certification and audit were performed by A-Lign.
Administrate is GDPR compliant. Our agreements with our customers contain specific language identifying how we process and control data on your behalf. In summary, Administrate clients are the nominated Data Controller, and Administrate is the nominated Data Processor. We maintain a list of the Subprocessors we use on this page.
All critical systems are backed up nightly in addition to our mirror system.
All customer data is backed up nightly in addition to being replicated in “real time” to our mirror system. Backups are tested weekly. We have the ability to take additional “snapshots” of a system before making changes so that we can revert in the event of an unexpected outcome. Backups are taken nightly, encrypted, and securely transmitted and stored within Amazon S3 which provides for the data to be stored on no less than three physically independent devices for durability. Backups are customer specific, and data is not commingled.
For our application availability, please see our System Status page for the latest updates. A member of our support staff can respond to your questions and concerns around availability if you submit a support ticket.
We employ many different layers of security to keep your data safe.
These security policies and processes follow industry best practices whenever possible and are periodically reviewed for conformance and compliance.
We have several different levels of application monitoring to ensure that services are being rendered according to acceptable performance standards.
Our goal for system uptime is 100% each month, outside of scheduled downtime. We normally try to keep scheduled downtime to less than an hour each month.
If we fail to achieve 99.9% uptime, measured monthly, we will issue pro-rata credit for your monthly subscription fees. This equates to no more than 40 minutes of unscheduled downtime in any given month.
This is the current list of Data Subprocessors we use to deliver the Administrate service. From time to time we will update this list. If you’d like to be notified when we add or change an item on this list, please fill out the form below.
Administrate wants to be recognized not just for our business performance but also for the integrity with which we conduct business throughout the world.
Our business partners and stakeholders play an important role in our compliance and risk management program, and our security committee will review all concerns brought to our attention.
If you have information or a concern relating to security and business integrity at Administrate then please contact our team by emailing us: [email protected]
We ask that you provide all the relevant details that you believe will assist our team’s investigation. We will respond by email with a summary of our preliminary review, which may include asking for more information to help us take action. We will inform you of our next steps on the matter.
We will treat all concerns raised with sensitivity, dignity, and respect.
Following thorough investigation, we will communicate a summary of our findings and actions taken to you (as the party raising the concern). It may not be possible to divulge to you the in-depth detail of follow up action in the event that it will breach the company’s duty of confidentiality to someone else.
It must be noted that there may be circumstances in which there is a legal requirement for Administrate to reveal the complainant’s identity, for example where a regulator is involved in the investigation of the concern.
You may prefer to contact us anonymously. There are email services that mask the sender IP address, and we suggest you use a throwaway account with one of those services. This means we can still keep you informed by email and may hear back if we have further questions.