FYDO Security - FYDO Wiki

Rest easy, knowing your FYDO data is protected with layered security controls designed for healthcare environments.

Secure Infrastructure

Hosted on AWS in Australia, leveraging robust cloud security and reliability controls.
High availability options are supported for increased redundancy.
Backup and restoration strategies are in place to minimise downtime and data loss.

Data Protection

Identity and access management

Supports Single Sign-On (SSO).
Multi-Factor Authentication (MFA) is enforced for account access.
Role-based access controls (RBAC) support least privilege access, users only receive the access they need for their role.
Administrative access is tightly controlled and monitored.

Security Operations, Monitoring and Auditability

Continuous monitoring and protective controls are used to detect and respond to suspicious activity.
Web application protection controls help defend against common online threats.
Centralised logging and alerting support traceability and operational oversight.
Audit trails support investigation and accountability for key system events.

Secure Development and Change Control

Secure-by-design practices are applied throughout the software lifecycle.
Changes are managed through controlled processes to reduce risk and support service stability.
Vulnerability management practices are in place to identify and remediate security issues.

Independent Testing and Assurance

FYDO undergoes regular independent security testing (e.g. penetration testing and security assessments) by third-party security specialists.
Further security documentation and evidence can be provided during procurement or due diligence, subject to confidentiality arrangements.

Incident Management

We maintain incident response processes to manage security events, including investigation, containment, and follow-up improvements.