IT Requirements

To minimize change for our clients and maximize efficiency, where possible we try to integrate our IT infrastructure with our clients existing frameworks. This is achieved by using secure private cloud based software (i.e. XPLAN), remote access technologies (i.e. Citrix, MS Remote Access), and collaboration and communication tools (Atlassian, Email, Lyncetc) to manage client interactions. All of our systems are maintained in a secure private cloud environment, maintained and hosted in Australia by ASWIG Solutions. This enables us to bring security and flexibility to our client interactions.

We do not use our own bespoke software as we evaluate clients needs individually. We prefer to use best of breed technologies that are widely used and supported.

Technologies currently used to facilitate interactions include:

  • Citrix and MS Remote Access
  • Team Viewer
  • MS Lync
  • Video Conferencing
  • Skype
  • Email
  • Go To Meeting
  • AtlassianConfluanceand Jira
  • Voipphone links
  • Private VPN interface with client
  • XPLAN

Our long-term relationship with our technology provider ASWIG Solutions has enabled us to not only access the latest Information and Communication technologies, but also to leverage their expertise into customised client interfaces. ASWIG Solutions becomes a key stakeholder in the client relationship, working closely with our team and the clients team (including IT providers) to design and build the best interface possible. ASWIG Solutions 24/7 support team are then responsible for the ongoing maintenance of the delivered solution.

Privacy

As highlighted in the organisational overview, at its inception Capacity Connection brought together experts from the highly-regulated financial planning and banking industry, the APRA-regulated Insurance industry, and an IS27001 certified IT provider. As a result privacy and data security is ingrained in our culture and values, as well as our policies and procedures.

Our provider of both IT solutions and offshore resources has held the ISO 27001 Information Security Management System certification for seven years. This is subject to annual recertification and bi-annual certification audits by Lloyds. Additionally as its parent company is APRA and ASIC regulated it is also subject to regulatory audits. As a result stringent systems, policies and procedures are maintained.

Technology Security

  • Firewall rules
  • Protection against Trojans and viruses through antivirus on servers and desktops, email gateways and internet filters
  • Regular automated patching procedures to ensure that security updates are applied in a timely manner.
  • Regular penetration tests and scans to ensure that the network and systems are secure
  • Data captured will continue to be stored in the Australian based environment and preferably the clients
  • Security event log files are centralised and regularly reviewed for suspicious activity
  • Restricted Web and email access. (ie work related sites white-listed, no email except corporate email which is logged and monitored)
  • BYOD devices such as phones, tablets etc are restricted to break out areas and are locked up during work hours.

Physical Security

A Grade CDB based building with 24/7 Security

  • CCTV (entry/exit points and at sensitive areas)
  • Alarm systems
  • Photo ID access cards with appropriate access controls in place
  • Secure desktop policy (PCs locked when staff leave their desk, clean desk policy)
  • Visitor sign-in requirement and visitors escorted on premises
  • Dedicated sensitive areas with restricted access
  • Site access reviews

Human Resource Security

Employer of choice, ensuring access to the best candidates who are highly skilled and Australian educated.

  • Minimum of two reference checks conducted for all new staff
  • Background and police checks conducted
  • Policy training during induction (for all staff) in relation to information security and the protection of confidential information
  • Requirement for all staff to sign and be bound by confidentiality / non-disclosure agreements
  • Effective management team and structure.
  • Ongoing development of all our staff including management.
  • Effective performance review process and system using SABA software that integrates stakeholders as well as management.
  • Generous remuneration and benefits
  • A culture that focuses on integrity and will not tolerate a lapse in our values

Desktop Security

  • Locked down environment to prevent unauthorised removal or duplication of data
  • Utilisation of thin client ensuring no offshore storage capability, USB/Firewall or CD/DVD read/write
  • Access to external email and internet webmail are denied(unless exempted for specific requirements)
  • No Printers (Dual screens used instead)

Disaster Plan

As we are a distributed business, dependent on information technology and our people to function, our disaster recovery plan is multi faceted.

The information below details at a high level the response to a disaster resulting in the loss of access to each of the components critical to our business.

Sydney Premises

In the event of our staff being unable to access our Sydney office, our staff can remotely access our private cloud based systems and can communicate with clients and team members from their laptops. This can be either from home or from our IT solution providers premises, whom we have an agreement with. They have three alternate sites for us to utilize in the event of disruption that is wide spread. This is tested on a regular basis.

Vietnam Premises

In the event of our Vietnam-based staff being unable to access their office, the staff have access to two alternate offices in HCMC. In the event of a wider spread interruption staff would be relocated to the provider ASWIG Solutions Malaysian or Philippines offices. Sydney based staffed are trained to fill any gaps in service that may occur while staff relocate to alternate facilities.

Private Cloud

Our Private Cloud solution provider ASWIG Solutions is an ISO27001 certified solutions provider and also has APRA and ASIC regulated clients. As a result it has a comprehensive Business Continuity Program to ensure delivery of services. Our private cloud solutions hosted on ASWIG Solutions owned equipment is housed in an AAPT data centre at Broadway in Sydney. This is a facility which maintains an environment designed to minimize the risk of a disaster, including independent power supply, physical security, fire suppression etc. However in the event of a disaster ASWIG Solutions maintain a warm DR site at Parramatta. There is a two hour turn around for this site in the event of a disaster. This site also provides seats for ASWIG Solutions staff in the event that they are unable to access their Sydney office, enabling then to continue to deliver services to their clients including Capacity Connection.

Transition

The key management of Capacity Connection have considerable experience in the management of business transitions within the financial services sector. We have a history of successful outsourcing transitions, including

  • The services provided by over 800 staff in the insurance sector in two states;
  • 25 roles in an accounts payable/receivable operations in a B2B company (achieved in less than six weeks);
  • Various roles in the financial planning space; and
  • Single key underwriting roles for clients.

WOULD YOU LIKE TO DISCUSS FURTHER?

Or contact

Kristel Underwood - 9195 3777

kristel@capacityconnection.com.au