Data is encrypted in the following ways: all traffic is servers over HTTPS/SSL connections (client browser to servers); we use a secure connection between the application servers and the database server (connection encryption); and finally the data in the database itself is stop encrypted (encryption at REST). The data stored in our database backups is also encrypted.
The Gap Portal is hosted by Amazon Web Services (AWS) in AWS data centres. We have one instance of the application in the Asia Pacific (AP) region, and a second instance in Europe (EU).
The servers housing data in the AP region include data from Oceania and Asia, where as the servers housing data in the EU include data from the rest of the world.
Two instances of The Gap Portal application are being run in each region (EU and AP). Both instances are being run in a high-availability cluster with each database being placed in separate availability zones to provide high availability.
In the unlikely event that an instances fail, there are automated backups for the database which are retained for 20 days. Point-in-time (PITR) recovery can be used to restore a database to a certain point in time within the 20 day retention period.
Should The Gap Portal application go down unexpectedly, our recovery point objective (RPO) is 5 minutes. We have not set a recovery time objective (RTO) but we endeavour to rectify issues as soon as possible.
On cancellation of subscription, your firm data will be archived and therefore inaccessible, but continues to be stored within the application for 2 years. This ensures that, should you become a member again, your firm data can be restored. After 2 years the data is automatically deleted from our databases, but will remain in our backups for a further 20 days. After these 20 days, we will no longer store any of your data.
Firm data can be deleted from our application upon written request. This data will remain in our backups for a further 20 days. After these 20 days, we will no longer store any of your data.
Adding multi-factor authentication (MFA) to your login process is a simple way to add an extra layer of security to your account. Your account can no longer be accessed if a single factor - your password - is known to someone else.
MFA is mandatory for all users whose firm has a Xero API connection, or otherwise available for users on an opt-in basis. We strongly recommend that all portal administrators enable MFA due to the increased access privileges available for these users.
ACM (Amazon Certificate Manager) is used to manage and deploy SSL/TLS certificates for our application.
AWS WAF (Web Application Firewall) has been configured to provide web application firewall features for the application. HTTPS connections which try to connect to portal.thegaportal.com are first inspected by the AWS WAF service. The service is used to filter/block any malicious website attacks which can occasionally be used to compromise a web server. This includes addressing issues detailed in the OWASP Top 10 security risks. These WAF rules are regularly updated as new issues emerge.
Our password policy includes minimum character length and variation. We strongly recommend users update passwords regularly and avoid re-using old passwords or passwords used with other applications.
We also use Google's reCAPTCHA feature to ensure password attempts and resets are validated requests made by a human to protect users from a brute-force attack.
The Gap is committed to undertaking annual penetration testing on the application, which includes a security assessment and network testing.
As security is an ongoing risk for applications, we are continually working to resolve existing issues and ensuring future development practices are improved to prevent issues.
Application development is scheduled based on The Gap’s internal product development plan, which is updated on a quarterly basis. Our product plans are not published in advance to member firms, however, are significantly influenced by member needs and feedback, as well as the business environment.
Our development team are located in New Zealand and development occurs primarily during New Zealand business hours, with hotfixes being expedited over feature releases.
Our current development practices mean that platform updates require down-time. We reserve the right to schedule these with 24 hours notice.
The support team are located in New Zealand and local time zones are applicable. Support is available during business hours. We endeavour to reply to support queries within 24 hours.