6. IT RESOURCES PLAN

Overview

We use an electronic Finance Broker Software package (called FLEX) that has been developed by our aggregator, AFG. FLEX is offered as a web hosted service managed by AFG. It is accessed over the internet using Microsoft Internet Explorer.

This software is used to store critical client data used for applications and as a CRM program.

FLEX Availability

FLEX is available 24 hours a day, 7 days a week, except during scheduled outages (usually between 10pm – 4am WST). We are advised of scheduled outages in advance (where possible, 10 days prior to the scheduled outage).

FLEX is hosted at a managed off-site data centre, with UPS and backup power generator facilities.

The servers and data are backed up daily to a disaster recovery site hosted in AFG’s Perth office.

The application is load balanced across multiple web servers and application servers to provide a level of high availability, and can tolerate the failure of a server with minimal interruption. In the case of a site failure the DR site will be online in no more than 48 hours.

FLEX Backup and Recovery

FLEX is hosted at an off-site data centre. The disaster recovery (DR) site is on-site at AFG’s Perth office.

The production servers and data are backed up daily to disk at the DR site, where it is kept for a week. The daily backups are also streamed to tape for archiving. The daily tape backups are stored for a week. A weekly archive is taken and stored for a month. A monthly archive is taken and stored for a year.

FLEX Disaster Recovery

There is a documented Disaster Recovery Plan, which is tested at a minimum once a year, with the results audited by external auditors. The DR plan is revised and retested with each major infrastructure change.

In the event of a disaster the systems will be recovered within 48 hours, with no more than 24 hours data loss.

FLEX Security

AFG adopts a “defense in depth” approach using multiple layers of security, including firewalls and intrusion prevention systems at the perimeter. There is also a reverse proxy server to hide the web servers. Virus scanners and spam filters are also employed internally at AFG.

AFG employs external security consultants to perform a vulnerability assessment and conduct an ethical hacking exercise on an annual basis.

The FLEX Web client uses 265bit SSL encryption for the transmission of data. The Mobile client uses RSA encryption for data transmission between the mobile client and the server. The data on the mobile client database is encrypted using AES.

FLEX passwords are generated by AFG and consist of 6 alphanumeric characters. The FLEX Web client currently uses database authentication and stores the passwords in encrypted form with a DES encryption algorithm. The FLEX Mobile client uses RSA SH-1 password hashing.

FLEX uses a hierarchical access control model. There are no limits to the number of levels in the hierarchy and those higher up in the hierarchy can see the data of those below them. (e.g. Head office, state office, and branch). Furthermore access to data is restricted by the users position and access to the views in FLEX is restricted by their responsibility.

FLEX Monitoring

AFG has an automated monitoring system with SMS and email alerts sent for critical issues. Core systems are monitored in 5 minute increments with alerts triggered when thresholds are reached. This information is also reviewed monthly to assess trends and used for capacity planning.

FLEX Development & management

There are two types of updates to FLEX. Simple updates, such as changes to tax rates, first home buyers grant, and stamp duty, which can be made immediately by simply updating the data in FLEX. More complex legislation changes, such as the National Consumer Credit Protection legislation and other changes that require new functionality to be added are done as part of a code change (FLEX release). There is one major release and three to four minor releases planned for each year.

Other IT systems

Our IT system is simple, consisting of a laptop and multifunction centre (printer, fax, and scanner).

We obtain external maintenance support from suppliers if and when required.

Client information, sent to us electronically and not stored on FLEX, is stored locally on a laptop computer which is password protected at the administrator level.

This computer is password protected and protected from viruses using the latest version of the “ESET smart security” software.

We backup our laptop computer monthly to an external hard drive. The saved data is checked annually to ensure it is available if needed. Extended warranty plans are taken on all computer equipment to ensure they can be quickly replaced in the event of failure.

In the event of failure of our laptop computer, a new computer or replacement hardware will be purchased and the backup data reloaded onto the hard drive.

geoffrey thomas mckenna

abn 73 732 994 243

132 WINGROVE street • fairfield • 3078

mobile: 0405 447 131

Phone: 03 9443 0083 • Fax: 03 9443 0042