We take data security seriously.

Privacy and data security are the foundations of Recordbase, New Zealand’s leading a social sector client management system. We know it’s more than just data, it’s people’s lives.

Chat with us today!

When security matters

When you use Recordbase and the services of Wild Bamboo, you are entrusting us with one of your most valuable assets—your data.

You trust that the privacy and confidentiality of the data you store and process will be protected and that it will be used only in a way that is consistent with your expectations. We take security very seriously and embed good security practices in everything we do.

With over 25 years of sector experience, our team of experts understand that privacy matters, but we also know that letting the right people have access to that data at the right time, for the right reason is vital.

Everyday, we work on behalf of our customers to keep the information of tāngata whai ora safe and secure.

Privacy & Access

Getting the balance right

Working in the social sector means balancing the need for respecting the privacy of tāngata whai ora while ensuring your staff have access to the information the need.

Recordbase access is controlled within the system, and access is defined by user roles and teams or services.

Our system provides a flexible user, role, and permissions system configured to meet the needs of social sector organisations.

Everything that happens in Recordbase is tracked for auditing.  You can track who has access information, where they signed in from and changes made and provide a robust audit trail when needed.

Black listing, white listing and figuring out how or who has access to client information has access can seem daunting – our team can walk you through what works best and help you ensure your internal processes are robust in relation to security.

Security

Leverage world class systems

Recordbase is fully supported by Wild Bamboo and is hosted using Microsoft Azure.

Microsoft Azure is a leading provider of cloud hosting services, trusted by Fortune 500 companies, social sector, and health providers around the world. Azure provides comprehensive, multilayered security, including the largest compliance coverage of any cloud provider.

Recordbase undergoes regular security testing. We make sure it meets all data protection and compliance requirements in the Privacy Commission guidance for organisations using cloud-based systems and operating in the mental health and wellbeing sectors.

 

What you need to know


Leading-edge cloud storage
Protected by Microsoft Azure - leading cloud hosting service, trusted by Fortune 500 companies, social sector, and health providers around the world.


Access
Multilayered access settings designed to protect client privacy but give your team access to the information they need when they need it.


Safe
A full backup of all databases is taken each week, with differential backup occurring every 12 to 24 hours and transaction log backup of all databases is taken every 5 to 10 minutes. This gives us the ability and our customers the reassurance that we can restore data to a point in time to potentially a 5-minute window over the last 30-day period.


Compliance
Meets with all Privacy commission requirements for organisations working within the mental health sector.


Geo-redundant storage
Backups are stored in geo-redundant storage locations giving further protection against the possibility of outages impacting backup storage.


Secure
Access to data is strictly monitored and governed to reduce risk. Our staff only access what is agreed upon. We userstand that the importance of data stewardship.


Reliable
Our infrastructure is monitored 24/7 by automated systems. Recordbase is reviewed annually by an external, third-party security company. This includes penetration testing and, periodically, code review for security. Any significant issues will be raised with customers immediately via their Recordbase admin. Other issues are generally resolved as ‘business as usual’ by our development team.


Protected
Recordbase is protected behind Azure Front Door, a modern content delivery network (CDN) with built-in security, that stops network and application layer attacks at the edge with Web Application Firewall, Bot Protection, and DDoS Protection. It allows us to secure your private backends and harden your service using Microsoft managed and custom rule sets.

Choosing the right infrastructure – Microsoft Azure

By using Azure as our hosting platform, we can easily scale to meet the changing needs of your organisation and take care of the low-level concerns of looking after servers.

Azure SQL provides:

  • Encrypted data at rest
  • Intelligent insights to help with performance
  • Scalability
  • Geo-replicated database
  • Always up-to-date -patches

Azure App services provides:

  • Auto scaling – responsive to load
  • Monitoring / telemetry – app insights
  • Always up-to-date – patches

We know how vital it is that in the unlikely event something happens to your data we have systems in place to ensure that recovery is easy.

Recordbase uses SSL to securely encrypt information that is sent over HTTPS.

Your client and organisational data is kept in a separate Azure SQL database from all other client data/databases.

Backups and Geo-Redundancy

A full backup of all databases is taken each week, with differential backup occurring every 12 to 24 hours and transaction log backup of all databases is taken every 5 to 10 minutes.

This gives us the ability and our customers the reassurance that we can restore data to a point in time to potentially a 5-minute window over the last 30-day period.

Backups are stored in geo-redundant storage locations giving further protection against the possibility of outages impacting backup storage. Given that no data in Recordbase is deleted, you can rest assured that your data is protected.

Recovery Point Objective:

The Recovery Point Objective (RPO) is 10 minutes (Ie. the maximum transaction log backup interval), this indicates the maximum amount of data loss possible if a critical event occured.

The Recovery Time Objective (RTO) for a single customer is 2 hours and this is the amount of time it would take to bring things back online in a critical event.

“Recordbase meets the high government threshold for safety and security of client data. The system does what it says it does, it’s safe and secure, meaning our clients and funders can trust how the data is captured, stored, and reported” – Women’s Refuge

Let the only client management solution developed by the sector for the sector make things easier!

Have a chat