Formlify Security, Jurisdiction and Confidentiality 

Formlify is a product of CIBIS International. CIBIS International is certified in ISO27001 – the international standard for information security management. ISO27001 requires a rigorous audit process by an accredited external auditor and ongoing follow-up reviews. 

Formlify was designed to support clients having specific requirements in terms of hosting, accessing and storing sensitive, confidential and private data.   

Formlify is exclusively hosted in Australia within the CIBIS Virtual Private Cloud (VPC) located at Amazon Web Services in Sydney. No data is communicated or stored offshore. This fully caters to the Australian Privacy Principles, jurisdictional concerns, and a host of other issues relating to compliance whether it relates to the GIPA Act, storing health data, data sovereignty issues etc.   

CIBIS’ clients include local government, health care, higher education and a host of other organisations storing or collecting sensitive information including passport details, visa, health, education, financial and other personally identifiable information.  

CIBIS Staff have completed National Police Criminal Records Checks due to certification requirements to ensure the confidentiality and privacy of any data you collect is maintained.  

Formlify form data entered in either the browser or mobile app is encrypted in transit to the CIBIS VPC from which data persisted in a database which is not publicly accessible. 

Given we store such sensitive information, our focus on privacy and security is of paramount importance. The security implementation in the CIBIS VPC is based on PCI DSS including minimum encryption standards. It is not a single solution, but a heterogeneous combination of various technologies supported by robust policies, procedures and systems.  

As an enterprise system, Formlify provides a complete audit trail. Users, forms and responses cannot be deleted although the system does support setting response data retention policies.  

CIBIS VPC infrastructure is protected by multiple firewalls from different vendors, providing several layers of security at different levels of the network and application stack.  Network access is regularly tested using external network penetration testing tools.  Additionally, external application penetration tests are conducted.   

All CIBIS VPC user access is by individual unique user accounts with no shared accounts, and system accounts are not used for any purpose outside the operating system vendor’s configuration.  

All alerts are reviewed by appropriately trained staff daily, with full auditing and logging, and all servers are updated with vendor patches weekly at a minimum, or more often as required. Security advisories provided by US-CERT and AusCERT are reviewed for applicability and impact as they are issued.  

A duplicate VPC is in “standby” in case of primary data centre failure, but data always remains onshore within Australia’s jurisdiction.

Get Started with Formlify

Industry Segments

Local Government

Local Government

More

Higher Education

More

Health Care

More

Utilities

More

Not For Profit

More

Finance & Insurance

More