Security

Formlify Security, Jurisdiction and Confidentiality

Built for clients with specific requirements for hosting, accessing and managing sensitive data.

ISO27001 certified — Formlify is a product of CIBIS International. CIBIS International is certified to ISO27001 – the leading international standard for Information Security Management Systems.

Formlify was developed for clients with specific requirements for hosting, accessing and managing sensitive data. Infrastructure is exclusively hosted in Australia within the CIBIS Virtual Private Cloud (VPC) located at Amazon Web Services in Sydney. No data is communicated or stored offshore.

Our client base includes local government, healthcare, higher education, and organisations handling passport details, visa, health, education, financial and other personally identifiable information.

Confidentiality

CIBIS staff have completed National Police Criminal Records Checks, both as a certification requirement and to further protect data confidentiality. Access to systems and client data is governed by strict role-based access controls, ensuring personnel can only access information required to perform their duties. Security awareness and operational security practices are embedded throughout the organisation to support the ongoing protection of sensitive information.

Encryption & storage

Data is encrypted in transit to the VPC and persistently stored in databases that are not publicly accessible. The security implementation incorporates PCI DSS standards through a heterogeneous combination of technologies supported by robust policies, procedures and systems. Formlify's security architecture aligns with key PCI DSS principles, including the protection of sensitive data through strong encryption, secure network segmentation, controlled access mechanisms, vulnerability management processes and comprehensive monitoring. Security controls are regularly reviewed to ensure they remain effective against evolving threats and continue to support compliance obligations.

Where payment processing integrations are utilised, Formlify is fully compliant with the PCI DSS 4.0.1 standard, maximising the protection of sensitive payment information and payment workflows and reducing organisational and merchant risk.

Audit trails

The system maintains complete audit trails; users, forms and responses cannot be deleted, though response data retention policies are supported. Comprehensive logging and monitoring capabilities support accountability, incident analysis, compliance reporting requirements and forensic investigations. This helps organisations demonstrate governance and security compliance.

Infrastructure

Infrastructure includes multiple firewalls from different vendors, with regular external penetration testing. Access requires individual unique user accounts with no shared accounts.

A standby VPC provides backup capability while data always remains onshore within Australia's jurisdiction. Network security controls are designed in accordance with PCI DSS best practices, including layered defence strategies, restricted administrative access, continuous monitoring and regular vulnerability assessments. Security testing, patch management and infrastructure reviews are performed routinely to identify and address potential risks before they can impact client environments.

Compliance & Risk Management

Formlify's security framework is supported by documented policies, procedures and operational controls designed to align with industry best practices and regulatory requirements. Risk assessments, security reviews and change management processes are conducted regularly to maintain the integrity, availability and confidentiality of client data. CIBIS is also certified to ISO 27001, the international standard for Information Security Management Systems.

By combining Australian sovereign hosting, strong access controls, encryption, monitoring, vulnerability management, ISO 27001 and PCI DSS aligned security practices, Formlify provides organisations with a secure platform for collecting, processing and managing sensitive information with confidence.

Security questions?

Talk to our Australian team about your hosting, compliance and data requirements.