Service Agreement

Does stSoftware make available the full source code under an escrow agreement?

What are my IP rights?

September 29, 2015

Client IP is held in Client App and Client Data Layers

Summary

stSoftware's award-winning patented multi-layered database structure separates generic and custom client code and data into different database layers. The code and data held in the Client App Layer and the Client Data Layer are the intellectual property (IP) of the client. The code and data held in the st Engine/App Layers are the IP of stSoftware.

The multi-layered database structure provides more than a designation of IP; it is integral to customising a generic solution rapidly and affordably. Generic functionality can be easily customised rather than having to develop a custom system from scratch.

Specific client requests are normally broken down and implemented as generic features and then customised to the client's requirements unless otherwise requested. Generic features are maintained and enhanced by stSoftware on an ongoing basis.

Overview of a typical database layer structure in a custom cloud system

The client owns the IP for all code and data that is located in their Client App Layer and Client Data Layer for all stSoftware solutions.

stSoftware's Engine/App Layers

  • Generic features and data held in these layers are the IP of stSoftware
  • The cost of developing these features is shared by stSoftware and the client requesting the generic changes
  • The cost of maintaining these layers is the responsibility of stSoftware
  • There is NO client IP over any of the generic features/data in the base layers. 

Client's App Layer

  • Contains client specific screens/classes that are not generic
  • The client owns the IP (including Business Rules)
  • The client is responsible for the full cost of development and ongoing maintenance of the Client App Layer, including keeping compatibility with future browsers/features and keeping integration points compatible with other systems

Client's Data Layer(s)

  • Contains all the system's 'business data'
  • The client owns all the IP rights for the 'business data'
  • Completely private and is only accessed by ST for backup, support and redundancy purposes

Note: The structure can support multiple Client Database Layers. This is an additional benefit of the layering that enables the sharing of system functionality. For example, in a franchise arrangement each franchisee has access to a discrete and totally private data layer and also has access to the shared Group App Layer and Group Data Layer.

What are the security, back-up, disaster recovery and firewall services?

November 26, 2013

stSoftware systems have security measures, back-up procedures and a range of disaster recovery options.

Security

Industry-standard best practice is followed for passwords on both the web server and the Linux machines. Site designers do not have direct access to the underlying Linux server, the raw database or files. All changes are done within the sandbox of the system.

Back ups

All databases are backed up nightly.

All client documents are backed up nightly and a consistency check of the raw file checksum is performed.

The backups are kept for a week on site.

The machines themselves are backed up as a whole to an off site secure backup location. A full or partial restore of the machine can be done from the off site recovery centre.

Firewall

The standard system is Linux with all ports closed except HTTP, HTTPS and SSH.

SSH is configured to block IP addresses after a series of failed login requests. All SSH requests that are from unknown locations or from foreign countries are blocked by default.

Redundancy 

All raw files, which are stored separately from the database itself, are sent to both the main site and the disaster recovery site when the files are uploaded. Each version of a file is kept and never modified (a new version is created instead). When a file is uploaded, a checksum of the raw file is calculated and stored in the database; the file is then encrypted and the key is stored in the database. The resulting compressed/encrypted file is sent to the redundant file servers for permanent storage.
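
An added example, not stSoftware's code, of the never-modified version store and the checksum consistency check described above and under Back ups. It assumes SHA-256, zlib compression, a SQLite table and two local directories standing in for the main and disaster recovery sites; the encryption step is left out.

```python
import hashlib, sqlite3, tempfile, zlib
from pathlib import Path

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE file_version (name TEXT, version INTEGER, sha256 TEXT)")
    return db

def store(db, sites, name, raw):
    """Record the raw-file checksum, then write a new version to every site."""
    (latest,) = db.execute("SELECT COALESCE(MAX(version), 0) FROM file_version"
                           " WHERE name = ?", (name,)).fetchone()
    db.execute("INSERT INTO file_version VALUES (?, ?, ?)",
               (name, latest + 1, hashlib.sha256(raw).hexdigest()))
    for site in sites:
        # Mode "xb" fails if the file exists, so a stored version is never overwritten.
        with open(site / f"{name}.v{latest + 1}.z", "xb") as fh:
            fh.write(zlib.compress(raw))
    return latest + 1

def consistency_check(db, sites):
    """Return (site, name, version, problem) for each copy that fails verification."""
    failures = []
    rows = db.execute("SELECT name, version, sha256 FROM file_version ORDER BY name, version")
    for name, version, expected in rows.fetchall():
        for site in sites:
            try:
                raw = zlib.decompress((site / f"{name}.v{version}.z").read_bytes())
            except FileNotFoundError:
                failures.append((site.name, name, version, "missing"))
            except zlib.error:
                failures.append((site.name, name, version, "unreadable"))
            else:
                if hashlib.sha256(raw).hexdigest() != expected:
                    failures.append((site.name, name, version, "checksum mismatch"))
    return failures

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        sites = [Path(tmp) / "main", Path(tmp) / "dr"]
        for site in sites:
            site.mkdir()
        db = open_db()
        store(db, sites, "contract.pdf", b"constructed sample, first upload")
        store(db, sites, "contract.pdf", b"constructed sample, second upload")
        # Constructed faults: one altered copy, one missing copy.
        (sites[1] / "contract.pdf.v1.z").write_bytes(zlib.compress(b"altered"))
        (sites[0] / "contract.pdf.v2.z").unlink()
        return consistency_check(db, sites)
```

Because the checksum is taken over the raw file before compression, the check catches a copy that still decompresses cleanly but no longer matches what was uploaded.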

The hosting provider has a 2-hour hardware replacement.

Service Delivery

What are the network and server availability guarantees?

Policies

Overseas act required by foreign law

February 5, 2018

stSoftware does not transfer any personal data to a third country or international organization.

In response to 13D EU legislation amendments and the APA 1988 overseas act required by foreign law.

stSoftware does not transfer any personal data to a third country or international organization. If stSoftware did transfer personal data, it would be in accordance with the Commission ensuring an adequate level of protection. The Commission monitors, on an ongoing basis, developments in third countries and/or international organizations that could affect the functioning of decisions.

Notification and Collection of Personal Information

February 5, 2018

The individual will be notified that their personal information has been recorded.

In response to principle 13, 13.2b of the APA 1988 

stSoftware takes many precautions to ensure that your personal data is safe and secure at all times. Before, during and after collecting data, the individual will be notified that their personal information has been recorded. The user is notified before entering personal information and afterwards in the form of a pop-up. This is to ensure the individual is aware their information has been recorded into the system.

In accordance with the Australian Privacy Principle 5 (Notification of collection of personal information 1988), the data subject is entitled to their own data at any time and has the ability to request the deletion of that data. stSoftware is unlikely to disclose personal information to overseas recipients. However, if information is disclosed, stSoftware will inform the individuals involved of where the recipients are likely to be located, if practicable to specify, and will make the individual aware of it to the best of our ability.

Data Protection Impact Assessment

February 5, 2018

Protection of personal data in accordance with APP (Australian Privacy Principles)

In response to Article 35 EU regulation 2016/679 

When implementing new proceedings which are likely to result in a high risk, stSoftware shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data in accordance with the Australian Privacy Principles and the (EU) 2016/679 OF THE EUROPEAN PARLIAMENT. This assessment is to ensure the safe keeping of the data subject's personal information. The assessment will contain:

  • A description of the processing operation and the purpose of the processing being implemented.
  • Assessment of the necessity of the processing operation.
  • Assessment of the risks to the rights and freedoms of data subjects
  • The measures envisaged to address the possible risks, safeguards and security measures implemented.

When necessary, stSoftware shall carry out reviews to assess whether processing is performed in accordance with the data protection impact assessment laid down by the APA when there is any chance of risk, along with undertaking its own security checks.

Notification of Personal Data Breach

February 5, 2018

Notification of a breach is in accordance with the APP (Australian Privacy Principles)

In response to Article 33 (EU) 2016/679 

stSoftware takes pride in its security policies and ensures the highest levels of security for our clients' personal data. In the unlikely case of a breach, and in accordance with the APA (Australian Privacy Principles) and the (EU) 2016/679 OF THE EUROPEAN PARLIAMENT, stSoftware shall without delay and where feasible notify the data breach to the supervisory authority. If the notification is not made within 72 hours, it shall be accompanied by apologies and reasons for the delay. If it is not possible to provide the information at the same time, the information may be provided at a later stage without further delay. The data breach will be documented, all systems related to the data breach will be reviewed, and remedial action will be taken.

The notification will contain, in accordance with (EU) 2016/679:

  • The nature of the breach including categories, approximate number of data subjects concerned and approximate number of personal records concerned.
  • The name and contact details of the data protection officer and/or other contact points where more information can be obtained.
  • A description of the likely consequences of the personal data breach
  • The measures taken or proposed to address the data breach including measures to mitigate negative effects.

Erasure of Personal Data and Restriction of Processing

February 5, 2018

Control over your own Personal Information is important to us at stSoftware.

In response to Article 19 2016/679 OF THE EUROPEAN PARLIAMENT

Control over your own Personal Information is important to us at stSoftware. We pride ourselves on our transparency and the ability to acknowledge clients' requests concerning their personal data quickly and in a safe and secure fashion. stSoftware makes sure to communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

In abidance with Article 19:

  • The data subject shall be informed on the recipients if the data subject requests it. Personal data will not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose, and proportionality.
  • The data subject has the right to access all data processed about them. The data subject has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or not being processed in compliance with the data protection rules.
  • The data subject has the right to be informed when his personal data is being processed. stSoftware will provide name, address, purpose of processing, the recipients of the data and all other information required to ensure the process is fair.

Notification Procedures of Personal information

February 5, 2018

Notification Procedures are in abidance with Australian Privacy Act 1998

stSoftware collects personal information for billing, sales and support. stSoftware meets or exceeds the principles laid out in the Australian Privacy Principles, Privacy Act 1988.

Collection of Personal information

February 5, 2018

Your Privacy is very important to us at stSoftware and we abide by all rules laid down by the (APA) 

In response to principle 5, 5.1 and 5.2 APA 1988

Your Privacy is very important to us at stSoftware and we abide by all rules laid down by the APP (Australian Privacy Principle) 5.2 Collection of Personal Information. In compliance with APA Principle 5.1 you will be notified when your Personal Information is or has been collected. stSoftware, to the best of our ability, will make sure the user is aware of this recorded data in the form of a Notification.

Any Personal Information collected and placed in the system will not be disclosed to a previously disclosed APA entity unless the individual requests the entity notify the other APA entity of the correction. In this case stSoftware will take such steps to provide that information unless it is impracticable or unlawful to do so. The contents of the notification are viewable here: Contents of Notification in compliance with (EU) 2016/679 European Parliament Article 30 Records of Processing Activities

As the subject data owner, you have rights to the restriction, processing and erasure of your personal data. stSoftware acknowledges these rights in accordance with (EU) 2016/679 of the European Parliament and can be contacted at any time via the contact us page.

In the unlikely case of a Personal Data Breach, stSoftware will abide by the APA (Australian Privacy Principles) and the (EU) 2016/679 OF THE EUROPEAN PARLIAMENT regulations. Further information can be found on the Notification of Personal Data Breach page along with our Software Security Policies.
