• Apache 2.4.x – kept up-to-date with latest security fixes

• MySQL 5 – kept up-to-date with new releases

• PHP 7.2 – kept up-to-date with new releases

• Exess has a dedicated server that is hosted in a purpose-built centre in the Sth Island
• Data Centre Tier Rating: 3
• Fully redundant* architecture utilising dual Cisco 6500 core switches.
• Fully redundant* FortiGate appliances for network security
• Multiple POEs (Point of Entry) for fibre using Border Gateway Protocol (BGP4) core routing to eliminate network downtime.
• Independent networks for backups, management and public services ensure the highest levels of security and performance by segregating traffic on physically separate networks.
• 99.99% Core Network Service Level Agreement

*In engineering, redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the case of a backup or fail-safe.

• Back up is to a dedicated server in a Tier 4 data centre in the North Island to accommodate additional archiving, data management and disaster recovery.
  

• Private Data Centre – invited, escorted access only
• No signage, nondescript building
• Single entry and exit point, using biometric devices and man-trap access
• Network cameras monitoring and recording all movement – no blind spots
• Perimeter fencing encompasses the data centre with CCV (closed circuit video) surveillance cameras recording all entry/exit points and open areas
• Security patrols nightly at random times to ensure the location remains secure. After hours access to the location is via keypad entry only

• Segregated fire-rated power room, independent biometric access
• Custom designed and engineered main switchboard with dual A + B (2N) power supply and integrated ASCO automatic transfer switch (mains/generator)
• Olympus auto-start diesel generator, serviced and load tested monthly with 24 hour on site diesel storage
• Dual A + B (2N) power feeds to A + B (2N) UPS’s Uninterruptible Power Supply (UPS)
• Dual A + B (2N) metered and monitored PDU’s (Power Distribution Units) in each 19′ cabinet

• Exess is on a dedicated server – nothing else runs on there; it’s a real machine not a virtual machine
• There are NO non-essential services running on the box – just the bare minimum to support Exess the web application (for example, there is no FTP service)
• The Exess server is behind a firewall that restricts traffic to ports 22, 80, and 443
• All data is transferred over SSL (we only use port 80 for Google Maps)
• Data is encrypted for backups
• Remote shell access (for programming work) to the server is strictly limited and controlled
• The server is patched and all applications kept-up-to-date
• The database does NOT listen for remote connections
• Exess review security on a regular basis and act promptly on any identified issues
• All staff sign confidentiality agreements if they have access to customer data