Introduction

ShipitSmarter is offering its functionality to customers in a Software-as-a-Service (SaaS) model. To deliver SaaS, ShipitSmarter has designed and set up its own infrastructure and application platform. All data resides physically on a server in a dedicated, locked cage at our data centre partners. Our data centre partners provide power, network and backup services. ShipitSmarter owns the servers and is responsible for provisioning, monitoring, and managing the servers, and for providing support to customers using ShipitSmarter solutions.

Data storage

The ShipitSmarter platform was designed and optimised specifically to deliver the ShipitSmarter services and has multiple levels of redundancy built in. The applications themselves run on a separate front-end hardware node than that on which the data is stored. Hardware failure of the compute node is recovered automatically. External storage is used for offloading data backups in 30-minute intervals around the clock. All backup storage locations are within the EU, as a minimum being 25 kilometres apart and on a separate EU internet backbone.

Facilities

We selected our data centre partners to operate to a very high standard. Access to the data centres is limited to authorised personnel only to be verified physical security measures, including on-premises security guards, closed circuit video monitoring and additional intrusion protection measures. Within the data centre, all ShipitSmarter equipment is stored in locked cages. Every data centre facility is equipped to withstand Acts of Nature.

Our data centres are located in Europe.

People and access

The ShipitSmarter support team maintains an account on all ShipitSmarter systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for purposes of application health monitoring and performing system or application maintenance, and upon customer request (this request being submitted and verified within our ticketing system). Within ShipitSmarter, only authorised employees to have access to application data. Authentication is

done via individual two-factor authentication and the servers only accept incoming secure connections from within ShipitSmarter offices and whitelisted data centre locations. ShipitSmarter has been designed to allow application data to be accessible only with appropriate credentials. By nature, one customer can only access another customer’s data with explicit knowledge of that other customers’ full login information. Maintaining the security of each customer’s login information is fully their own responsibility.

The ShipitSmarter operations team monitors the ShipitSmarter platform 24×7 using a combination of automated and visual controls. The monitoring platform is set up independently from the ShipitSmarter platform itself.

Certification

To augment 3rd party application penetration testing we have performed, we have selected data centre providers that maintain industry-standard certifications.

Our data centres are ISO27001 / ISAE 3402 certified as a minimum. Under these certifications, physical security, system availability, network and IP backbone access, customer provisioning and problem management are addressed.

Business continuity

The ShipitSmarter platform is designed to operate to high availability standards: business continuity is fully embedded in our ways of working. To minimise the risk of data loss, we operate redundant systems with a continuous offload of data backups to secondary standby systems.