System and data security you can trust.

Be assured that we take data security extremely seriously.

With a wide client base ranging from government departments, councils, not-for-profits and the private sector, our customers can all rest assured their data is kept secure at all times.

Benefits of Nimblex that clients love.

Low-code development

Low-code development enables rapid, cost-effective solution creation. This method promotes innovative designs and is highly adaptable, which makes perfect-fit solutions practical.

Get online within weeks with Nimblex

Deploy a simple yet powerful Core system in as little as 4-6 weeks.

Customer-specific integrations

Whatever your current solutions may be, we will find a way to integrate with them, and each Nimblex solution seamlessly works hand-in-glove with every other Nimble module as a unified whole.

Single Sign On across applications

Enjoy the ease and security of Single Sign On authentication across your systems.

Infrastructure.

Nimblex is hosted on Microsoft Azure, a leader in secure scalable computing infrastructure.

Azure meets stringent security requirements, including physical controls at the datacentres, data privacy guarantees and robust controls.

Azure has published its security practices and certifications extensively, and holds over 50 security certifications conforming to both international standards and country-specific specifications.

Data Protection.

  • Data Encryption
  • Data in Transit
  • Data at Rest

Due to the business-sensitive data hosted on EBMS servers on behalf of clients, we understand how important it is to ensure that all data is appropriately secured.

All data is transferred between EBMS servers and user devices using up to 256-bit encryption via TLS 1.2 and a class-leading certificate provider. All data is transferred using HTTPS.

All data stored in our Azure data centres is encrypted at rest to safeguard our clients’ data. Data is encrypted using a symmetric encryption method and keys are stored in an encryption key vault in Azure to limit access. Azure Active Directory is used to grant only limited access to keys to specific services and users.

  • A symmetric encryption key is used to encrypt data as it is written to storage. This uses AES-256 security to ensure its integrity.
  • That key is used to decrypt the data in memory for use.
  • Keys are stored in an encrypted Azure Managed Key Vault.

Disaster Recovery.

All data is stored utilising Azure’s Geo-redundant Storage (GRS) model to enable swift switching of data centres if the primary tenancy becomes unavailable.

When stored in GRS, data is synchronously copied to three physical locations in the primary region using locally redundant storage (LRS).

It is then copied asynchronously to a single physical location in a secondary region, providing 99.9999999999999999% durability for stored data over a year.

All customer data and system designs are backed up on a regular basis. The following schedule is adhered to in regard to backups to ensure your data is accessible when needed.

Instant Restore Snapshots are stored for two days.

Daily backups are taken overnight and stored for 14 days.

Weekly backups are taken on a Sunday and stored for four weeks.

A monthly backup is taken on the first Sunday of the month and is stored for six months.
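As an added illustration of the retention schedule above (example code written for this page, not EBMS or Nimblex tooling), the function below lists the restore points that would still exist on a given date and the oldest one available. It assumes each daily backup is dated the night it was taken, that a weekly backup is the most recent Sunday on or before the date, and that "stored for six months" means the six most recent first-Sunday backups are kept.

```python
from datetime import date, timedelta

# Retention periods exactly as the schedule states them.
DAILY_RETENTION_DAYS = 14
WEEKLY_RETENTION_WEEKS = 4
MONTHLY_RETENTION_MONTHS = 6   # assumption: the six most recent monthly backups


def first_sunday(year: int, month: int) -> date:
    """Date of the first Sunday of the given month (Monday=0 ... Sunday=6)."""
    first = date(year, month, 1)
    return first + timedelta(days=(6 - first.weekday()) % 7)


def restore_points(today: date) -> dict:
    """Restore points still retained on `today` under the stated schedule."""
    daily = [today - timedelta(days=n) for n in range(DAILY_RETENTION_DAYS)]

    # Most recent Sunday on or before today, then the retained weeklies.
    last_sunday = today - timedelta(days=(today.weekday() + 1) % 7)
    weekly = [last_sunday - timedelta(weeks=n) for n in range(WEEKLY_RETENTION_WEEKS)]

    # Walk back month by month collecting first-Sunday backups already taken.
    monthly, year, month = [], today.year, today.month
    while len(monthly) < MONTHLY_RETENTION_MONTHS:
        taken = first_sunday(year, month)
        if taken <= today:
            monthly.append(taken)
        year, month = (year - 1, 12) if month == 1 else (year, month - 1)

    return {"daily": daily, "weekly": weekly, "monthly": monthly}


def oldest_restore_point(today: date) -> date:
    """The earliest point in time the schedule can restore to on `today`."""
    points = restore_points(today)
    return min(points["daily"] + points["weekly"] + points["monthly"])


if __name__ == "__main__":
    for kind, dates in restore_points(date.today()).items():
        print(kind, [d.isoformat() for d in dates])
    print("oldest:", oldest_restore_point(date.today()))
```

Running it for a chosen date shows the gap between consecutive restore points growing from one day to a week to a month the further back you need to go, which is the recovery-point trade-off this schedule makes.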

Content Controls.

The following outlines the application level controls put in place to manage users and data within the Nimblex application.

User Authentication

Administrators have the ability to enforce password complexity, length, age and whether previous passwords can be used. Administrators also can force a reset of user passwords when required.

Passwords are never transmitted in plain text. EBMS only stores a salted one-way hash of the password and not the actual password itself. When logged in, users are authenticated and re-verified with each transaction via a secure token created at login.


Utilising an Authentication Gateway for Single Sign On

Nimblex supports SAML 2.0 compliant gateways for Single Sign On, allowing administrators to manage security policy and authentication requests centrally from an organisational gateway.

Gateways such as Azure AD and GSuite have been used successfully by organisations in the past to authenticate users. No passwords are sent to Nimblex when users log in via this method.

Lockout

Administrators have the ability to define how the system handles incorrect attempts to log in to the system. There are two methods available for managing user lockouts.

Fixed Number of Failures – This restricts the user to a certain number of login attempts before they are locked out of the system. To be unlocked they will need administrator intervention.

Exponential Lockout – Allows a user to attempt to log in a set number of times before being locked out for a set amount of time. They can then try to log in again once this time has expired. In this scenario, no administrator intervention is required.
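The two lockout methods described above, as an added example written for this page (not Nimblex's own implementation). The class names, the parameters and the doubling of the lockout delay on each successive lockout are assumptions; the page only says "a set amount of time".

```python
import time

class FixedLockout:
    """Fixed Number of Failures: after max_failures consecutive failed
    logins the account stays locked until an administrator unlocks it."""
    def __init__(self, max_failures=5):
        self.max_failures, self.failures, self.locked = max_failures, 0, False
    def can_attempt(self, now):
        return not self.locked
    def record_failure(self, now):
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
    def record_success(self):
        self.failures = 0
    def admin_unlock(self):
        self.failures, self.locked = 0, False

class ExponentialLockout:
    """Exponential Lockout: after attempts_per_window failures the account is
    locked for base_delay seconds and unlocks by itself. Doubling the delay on
    each successive lockout (capped at max_delay) is an assumption."""
    def __init__(self, attempts_per_window=3, base_delay=60.0, max_delay=3600.0):
        self.attempts_per_window, self.base_delay, self.max_delay = attempts_per_window, base_delay, max_delay
        self.failures, self.lockouts, self.locked_until = 0, 0, 0.0
    def can_attempt(self, now):
        return now >= self.locked_until
    def record_failure(self, now):
        self.failures += 1
        if self.failures >= self.attempts_per_window:
            delay = min(self.base_delay * 2 ** self.lockouts, self.max_delay)
            self.locked_until, self.lockouts, self.failures = now + delay, self.lockouts + 1, 0
    def record_success(self):
        self.failures, self.lockouts, self.locked_until = 0, 0, 0.0

def attempt_login(policy, password_ok, now=None):
    """Apply the policy around a password check. Returns 'ok', 'denied'
    (wrong password, attempts remain) or 'locked'. A correct password is
    refused while the account is locked, so a lockout cannot be bypassed
    by guessing right during the lockout window."""
    now = time.time() if now is None else now
    if not policy.can_attempt(now):
        return "locked"
    if password_ok:
        policy.record_success()
        return "ok"
    policy.record_failure(now)
    return "denied" if policy.can_attempt(now) else "locked"
```

Note that the policy state is keyed per account and must live in shared storage (not per web node) for the counts to be meaningful behind a load balancer.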

Enhance standardisation and increase profit margins.

Increase profits with smart solutions

The objective of any business improvement process is to become more profitable by working smarter. This is exactly what our Nimblex clients experience.

Quickly implement new ideas

Bright ideas from staff can be easily implemented through a change request, or even implemented by the client themselves thanks to Nimblex’s easy to use ‘drag and drop’ configuration capability.

Further System Controls.

To further allow organisations to tailor their security experience within Nimblex, we offer a range of security controls that can be implemented individually or in batches depending on business requirements.

Nimblex utilises a role-based permissions system which can be centrally managed by the administrators from the control panel. Due to the flexible nature of the system, it is possible that custom groups may be created to allow for client specific business rules and permissions.

External Reviews.

EBMS engages a third party to perform penetration testing on an annual basis. These firms are specialist application security firms who analyse Nimblex and its hosting for vulnerabilities. To test for these, they use industry-standard automated tools and extensive manual testing.

Read Only Controls

At system design you can specify that certain fields are Read Only always, or only when certain conditions are met. This prevents data stored in a field from being altered, modified or deleted by any user who does not satisfy the configured logic.

Control Visibility Rules

At system design you can specify certain data to only appear on screen for specific roles or logic requirements. For example, you may have a block of data only visible on screen to a set of administrators.

Record Level Filtering

This allows you to specify who has access to record-level data. Read and write access to specific records is defined and controlled at system design. This allows you to apply further logic than role-based permissions alone.

Function Security

Function security allows you to define role-based (user or group) permissions to use specific system-wide functions within the system. Functions such as access to a Web API, the ability to export records, the System Scheduler, System Designer, etc. can be controlled via function security.

IP Lockout

You can use this to restrict access to your instance to a specific list of IP addresses, which may be a useful security feature for organisations wishing to only allow access from organisational premises. This is done at an application level.

Component Access Control Lists

Component Access Control Lists allow defining access permissions at the very lowest level. On a per-column and per-folder basis you can specify read and write access for users.

Manage Temporary Replacements

We understand people go on leave, and as such we have built a function to manage workloads of staff on a temporary basis. This allows you to assign a user access to another user’s profile temporarily (date/time limited). This prevents passwords being shared internally, as well as keeping any decisions made whilst in this role auditable.

Audit Report

The audit report captures various actions across the system. This report captures metadata such as user login information, switching into other roles, as well as data saved into the system.

Operations

Administrative access to EBMS hosted systems is controlled. Only authorised members of the EBMS team have access to the Azure Portal and Remote Desktop Capabilities. EBMS Support staff will get application level access to implement change requests at a client’s request.

Internal Controls

EBMS places security at the highest level, and as such we have management buy-in for all security practices within EBMS to ensure security is maintained and continuously improved.

EBMS performs periodic risk reviews of both internal and external systems to ensure that we are aware of the risks and have a mitigation plan in place for each. Security procedures, information and training are shared openly among EBMS staff with a continuous improvement mindset.

Data Ownership

All data is owned by the client and no claim of ownership is made by EBMS over any records or documents created within Nimblex. We also respect your privacy and will never make client records visible without permission.

Internal Reviews

Security Reviews are performed at multiple times during the development process. This includes code reviews and architectural reviews. All code reviews have a focus on the security of data and may include things such as authentication, authorisation, and secrecy.

At an application level, security-related configurations (as outlined in the Application Controls section of this document) are always reviewed by a second EBMS employee to ensure their compliance with the system design agreed between the client and EBMS, as well as their practicality from a security and performance point of view.

All data is hosted within Australia.

All data is hosted within Australia, regardless of which option you select.

However, if your company is based in another country, we can also arrange for a data centre in your own country.

EBMS offers multiple environments on the same server.
Usually we recommend Prod, DEV and UAT, but this can be changed as per the client’s policy.

Our world class support team is ready to help.

1300 721 159

+61 3 9958 0000

info@ebms.com.au