Security Overview

Security and Data Protection You Can Trust

Your operations depend on us. We take this responsibility seriously.

Delivered from the World’s Leading Technology Infrastructure

Our primary services are delivered via Amazon Web Services, the world’s leading provider of technical infrastructure.

More than a million customers in 190 countries, comprising over 2,000 government agencies, 5,000 educational institutions, and 17,500 nonprofits trust AWS every day with their operations, data, and infrastructure. AWS operates more than 10x the infrastructure of the next 14 hosting providers combined and is growing at a rapid rate. At this time, all of our infrastructure operates from within the Amazon EU Region (Ireland), and all data resides within the Amazon EU Region (Ireland).

Support team working with a customer on a laptop.

High Availability and Redundancy

We operate a fully redundant mirror infrastructure in a separate AWS availability zone to which we can failover if necessary.

The second AWS availability zone is geographically separate and receives a copy of transactions and data operations performed on our primary cluster in “real time”. In the unlikely event of a total failure at our primary provider, we can transition operations to the secondary location within minutes.

Data Center Security

Our providers have an impressive security track record for safeguarding your data and operations. Our providers meet or exceed the following standards:

  • SSAE16
  • ISO 27001
  • ISO 27002
  • PCI Security Standards
  • HIPAA Compliant (have signed a Business Associates Agreement with Administrate)
  • SOC-II

  • Administrate is SOC 2 Type 1 and Type 2 Certified

    Administrate has achieved SOC 2 Type 1 and Type 2 certification. The certification and audit were performed by A-lign.

  • Administrate is ISO/IEC 27001:2013 Certified

    Administrate has achieved ISO/IEC 27001:2013 certification. The certification and audit were performed by A-Lign.

  • GDPR Compliance

    Administrate is GDPR compliant. Our agreements with our customers contain specific language identifying how we process and control data on your behalf. In summary, Administrate clients are the nominated Data Controller, and Administrate is the nominated Data Processor. We maintain a list of the Subprocessors we use on this page.

Backups and Disaster Recovery

All critical systems are backed up nightly in addition to our mirror system.

All customer data is backed up nightly in addition to being replicated in “real time” to our mirror system. Backups are tested weekly. We have the ability to take additional “snapshots” of a system before making changes so that we can revert in the event of an unexpected outcome. Backups are taken nightly, encrypted, and securely transmitted and stored within Amazon S3 which provides for the data to be stored on no less than three physically independent devices for durability. Backups are customer specific, and data is not commingled.

System Status

For our application availability, please see our System Status page for the latest updates. A member of our support staff can respond to your questions and concerns around availability if you submit a support ticket.

See latest updates
Application and Data Security

Security is our Top Priority

We employ many different layers of security to keep your data safe.

These security policies and processes follow industry best practices whenever possible and are periodically reviewed for conformance and compliance.

  • All authentication and data transfer is fully encrypted and conducted via TLS (the successor to SSL).
  • We employ firewall protections that prevent unauthorised users from attempting to connect to us.
  • We have separate privileges for customer data and application access, and customer data is not commingled.
  • We employ an industry-leading third-party security scanning service to audit our externally-facing infrastructure to determine any possible security threats daily.
  • Source Code Management is employed for all applications and development processes.
  • Application source code is hosted using an industry-leading secure, third-party source code repository.

Service Monitoring and Reporting

We have several different levels of application monitoring to ensure that services are being rendered according to acceptable performance standards.

  • We provide a public operational service status page which documents our historical uptimes and provides information in the event of a service disruption.
  • Uptime monitoring by a third-party (Pingdom) which notifies us when external services slow down or fail.
  • Internal application instrumentation on server loads and performance, in case resources are consumed at unusual rates.
  • We provide the status of unusual or degraded operations via our operations Twitter account: @Adm1nistrateOPS

Service Level Agreement (SLA)

Our goal for system uptime is 100% each month, outside of scheduled downtime. We normally try to keep scheduled downtime to less than an hour each month.

If we fail to achieve 99.9% uptime, measured monthly, we will issue pro-rata credit for your monthly subscription fees. This equates to no more than 40 minutes of unscheduled downtime in any given month.

Current Data Subprocessors

This is the current list of Data Subprocessors we use to deliver the Administrate service. From time to time we will update this list. If you’d like to be notified when we add or change an item on this list, please fill out the form below.

Receive notifications
  • Amazon Web Services: used for our development, testing, and production infrastructure environments.
  • FlatFile: used by new Administrate customers as part of the data onboarding process
  • Sendgrid: used for email communications.
  • Twilio: used for SMS communications.
  • Honeycomb.io: used to monitor our infrastructure and assist with performance improvement.
  • Sentry.io: used to monitor our infrastructure and assist with error detection and reporting.
  • Credly: used within our Administrate University product to award badges to students.
  • Workato: used to power external integrations
  • Google Analytics: used for analytics and product insights
  • Zendesk: used within Administrate to allow Users to utilize Administrate Chat
  • Hubspot – used within Administrate to deliver in-application NPS Survey

Report Security Concerns

Administrate wants to be recognized not just for our business performance but also for the integrity with which we conduct business throughout the world.

Our business partners and stakeholders play an important role in our compliance and risk management program, and our security committee will review all concerns brought to our attention.

If you have information or a concern relating to security and business integrity at Administrate then please contact our team by emailing us: [email protected]

We ask that you provide all the relevant details that you believe will assist our team’s investigation. We will respond by email with a summary of our preliminary review, which may include asking for more information to help us take action. We will inform you of our next steps on the matter.

We will treat all concerns raised with sensitivity, dignity, and respect.

Following thorough investigation, we will communicate a summary of our findings and actions taken to you (as the party raising the concern). It may not be possible to divulge to you the in-depth detail of follow up action in the event that it will breach the company’s duty of confidentiality to someone else.

It must be noted that there may be circumstances in which there is a legal requirement for Administrate to reveal the complainant’s identity, for example where a regulator is involved in the investigation of the concern.

You may prefer to contact us anonymously. There are email services that mask the sender IP address, and we suggest you use a throwaway account with one of those services. This means we can still keep you informed by email and may hear back if we have further questions.