Managed Online Backup

Managed Online Backup is a part of our Remote Monitoring and Maintenance System.

It is a reliable, automatic and secure hosted offsite backup service.

It can be set up on servers, workstations and notebooks, and provides backup of data across multiple devices.

All backups are encrypted at source using Advanced Encryption Standard (AES) technology.

It is administered and configured from our central Monitoring Systems.

We can exclude certain types of files, e.g. music and video files, to reduce storage requirements.

You can cancel anytime and there are no quotas or minimum commitment requirements.

You simply pay monthly per GB of data selected.

Price: $1.1 per GB per month

Where does Managed Online Backup store the data?

Data is stored in Equinix Sydney Data Centers.

More info here: http://www.equinix.com/locations/australia-colocation/sydney-data-centers

What level of data compliance do the data centers support?

ISO/IEC 27001:2005 - Information Security Management

The standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

It is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

It is intended to be suitable for several different types of use, including the following:

1. use within organizations to formulate security requirements and objectives;
2. use within organizations as a way to ensure that security risks are cost effectively managed;
3. use within organizations to ensure compliance with laws and regulations;
4. use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
5. definition of new information security management processes;
6. identification and clarification of existing information security management processes;
7. use by the management of organizations to determine the status of information security management activities;
8. use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
9. use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
10. implementation of business-enabling information security;
11. use by organizations to provide relevant information about information security to customers.

Do we comply with Health Insurance Portability and Accountability [HIPAA] requirements?

| HIPAA Requirement | Response |
|---|---|
| Electronic personal health information (ePHI) must be protected against any reasonably anticipated threats or hazards. | Data is housed in data centres from Equinix. These data centres are designed with power systems that have built-in redundancy, full Uninterruptible Power Supply (UPS) systems with N+1 levels or greater, and backup generator systems in the event of a local utility failure. |
| Access to ePHI must be protected against any reasonably anticipated uses or disclosures that are not permitted or required by the Privacy Rule. | Data is encrypted before transmission and is always maintained in an encrypted state at the data centre. |
| Maintenance of record of access authorizations. | The Backup Manager records when data has been uploaded and restored. |
| If the data is processed through a third party, entities are required to enter into a chain of trust partner agreement. | We have a EULA that customers need to agree to before proceeding. |

Does MOB comply with Sarbanes-Oxley [SoX] requirements?

| SOX Requirement | Response |
|---|---|
| Record material must be accessible. | All stored material is accessible and even in the event that the internet is down material may be recovered from the Local Speed Vault [LSV] if enabled. |
| Information cannot be tampered with or altered by any employee. | All data is encrypted before being sent to the data centre. |
| Certain data must be retained for a minimum of 7 years. | As long as the MSP does not delete the client Storage Account the data will be held indefinitely. |
| Information is available only to client's authorised personnel? | In the first release MOB will retain the encryption keys. In a future release we will allow the option for the client to manage their own encryption keys. |

Does MOB comply with Payment Card Industry [PCI] requirements?

| PCI Requirement | Response |
|---|---|
| Protect cardholder data. | All stored material is accessible and even in the event that the internet is down material may be recovered from the Local Speed Vault [LSV] if enabled. |
| Encryption across all public networks. | All data is encrypted before being sent to the data centre. |

What encryption standard do you use?

AES 128-bit.