XPLAN Implementation Guide - Security Policy: XPLAN

XPLAN Implementation Guide - Security Policy: XPLAN

XPLAN Security Policy Overview

IRESS operate an ISO 27001:2013 certified Information Security Management System (ISMS). The ISMS covers IRESS’ global Financial Markets and Wealth Management hosted service offerings provided to private and professional financial services industry participants by IRESS in Australia, Asia, Canada, New Zealand, South Africa and the United Kingdom. The ISMS includes the transmission, automated processing and storage of client data, the operation of the Production environment and the operation of client support services associated with the provision of the hosted IRESS services.

 

Security Policy

The screening of IRESS employees during the employment process includes background and law enforcement checks. Staff agree to non-disclosure, confidentiality and adherence to IRESS security policies as part of the employment contract. Security awareness training is performed annually.

IRESS host all client systems and data in a dedicated Production network. The Production network is a highly available, physically and logically separated from the corporate environment. The systems are housed in commercial ISO27001 certified data centers. The data centre provider manages physical building and environmental security. Client systems are held in racks and/or cages dedicated to IRESS.

Access to client systems and data is based on job role. Access is granted by the approval of the General Manager of Operations and is subject to annual access reviews. Access to client systems residing in the Production network is via a jump box solution. 

Client data is held within a dedicated production network. IRESS networks are segregated with firewalls. The network and core server logs are monitored (using automated monitoring tools) to ensure operational continuity and are consolidated into a SIEM. Security appliances and DDOS protections that include the use of third party traffic scrubbing services protect IRESS internet links. When equipment has reached the end of its useful life it is destroyed by a specialist data destruction company.

Connections between clients and IRESS are encrypted using HTTPS. Under standard hosting arrangements client data is not encrypted at rest. IRESS does offer costed options for data at rest encryption as well as additional security controls. 

Third party security consultancies perform annual security testing which involves both code reviews and white box testing. IRESS performs weekly vulnerability scanning of all Internet-facing systems. 

IRESS perform annual DR testing of the common environment. Clients can arrange specific client testing with their account executives.

    • Related Articles

    • XPLAN Implementation Guide - Security Policy

      Security Policy Overview TBC   XPLAN Security Policy IRESS operate an ISO 27001:2013 certified Information Security Management System (ISMS). The ISMS covers IRESS’ global Financial Markets and Wealth Management hosted service offerings provided to ...

    • XPLAN Implementation Guide - Overview and Navigation

      XPLAN Implementation Guide Overview and Navigation The purpose of this guide is to give the XPLAN Champion and the XPLAN Transition Consultant the information required to work together and ensure your practice is set up appropriately within XPLAN. ...

    • Hosted Solution Implementation - Capabilities

      Capabilities Overview Type Capability Description System Admin Contractor Adviser/Support staff Contractor2 Office Manager Adviser Personal Assistant / Receptionist Administration Access MailChimp Integration Allows user to access MailChimp ...

    • Conversion Process Guide - XPLAN: XPLAN Field Guide

        XPLAN to XPLAN Field Guide Overview Key Details Entity type individual Figure 1: Key Details - Main (Individual)    Screen Field Name XPLAN Field Name Notes  Title entity_title   Surname entity_last_name   First Name entity_first_name   Second Name ...

    • Conversion Process Guide - ANG: XPLAN Field Guide

        ANG to XPLAN Field Guide Overview Key Details Entity type User Screen Field Name XPLAN Field Name Notes First Name entity_first_name   Surname entity_last_name   Name entity_comment     Entity type Individual, Company, Superfund and Trust Screen ...

    • Popular Articles

    • Wealth Axis Files - Naming Convention

      File Format: Date, Client Name, File Name Date - yymmdd E.g: 12 Sept 2013 - 130912 E.g: Undated - 010101 Client Names One Client / Only primary client (John Smith) E.g: Smith, J Two Clients (Primary and Secondary Client/Client and Partner) - Married ...

    • Wealth Axis Wizards - Overview

      Overview  This article is designed to help you effectively use the Wealth Axis Wizards in XPLAN. The key features of the Wealth Axis Wizards are: Integration with key modules such as Client Focus, Portfolios (IPS), Risk Researcher, WealthSolver and ...

    • New User Manual - Admin

      XPLAN and the Advice Process Overview Many advisers use the Advice to Client process to manage the advice process in their business. To enable participants to be able to relate to the different modules in XPLAN, this course is structured along the ...

    • Administration - Email: Setting up the Outlook Plugin

      Outlook Plugin - Overview  Outlook Plugin is a function available with XPLAN that allows you to quickly and easily save and record email correspondence in the XPLAN document library as a Note that is linked to a client or user entity. This allows for ...

    • XPLAN Workshop - XPLAN Client Setup

      Introduction Overview     Each practice deals with leads, referrals and potential clients differently. However, most practices have a system regarding the way client information is recorded and relationships with clients are managed. In this section, ...

    • Recent Articles

    • XPLAN Legislative Rates June 2022

      XPLAN Legislative Rates - June 2022 Legislative rates have been updated to reflect: 1. Social Security rates effective July 2022 2. AFSA Retirement Standard Benchmarks for the March Quarter 2022.  Social Security Rate Changes - July 2022 The rate ...

    • XPLAN: Task Notifications - Redirecting

      XPLAN: Redirecting Task Notifications XPLAN task notifications can be sent to your Email Inbox (e.g. Outllok, Gmail) to notify you if a task has been created, unactioned, is overdue or complete. If the task notifications cannot be turned off, then ...

    • XPLAN Version Enhancements - 18 November 2021 (Version 21.11.195)

      XPLAN Version Enhancements - 18 November 2021 (Version 21.11.195) Client Focus Digital Signature Notification will Honour the "Override from Address" when sent by Super User The notify signatories template configured in system settings > client focus ...

    • XPLAN Version Enhancements - November 2021 (Version 21.11.194)

      XPLAN Version Enhancements - November 2021 (Version 21.11.194) Client Focus New Current Residential Address Field A new field, current residential address, has been added to record a client’s current address. When entering the first address for a ...

    • XPLAN Datafeeds: HUB24 Enhancements (v4.3) 29 October 2021

      HUB24 Enhancements: 29 October 2021 HUB24 have released enhancements to their  XPLAN EPI 4.3 datafeeds, to be effective 15 November 2021. Below is the information directly from HUB24 on the enhancements. The Individual Holding extract is where the ...