Introduction

This document provides an overview of the architecture used to deliver the platform.

The platform built utilising modern architecture that uses containerisation to deliver scalability and resilience. The platform is built with both security and high availability in mind. This is achieved through ensuring that:

• We use recognised frameworks with strong security credentials and follow strong security practices
• We have no signal point of failure for any uses we utilised or deploy
• We use world leading infrastructure providers who are at least PCI DSS and ISO 27001 accredited and hold external audits for SOC 2.
• We employ third-party security CREST approved experts to perform detailed penetration tests on different applications within our platform to ensure the safety of our customer data
• We operate an approach that is fully compliant with the UK’s Data Protection Act and EU GDPR

Amazon Web Services (AWS) Services

AWS is a world leading cloud infrastructure provider. The AWS infrastructure is secure by design and AWS hold multiple industry-recognised certifications and audits including ISO 27001, SOC 1, SOC 2 and PCI DSS.

Shared responsibility model

The application is deployed onto the AWS infrastructure, as such both AWS and CybSafe have responsibility for the application, the data stored and how it can be accessed. AWS have the responsibility of their global network including the physical hardware, the physical infrastructure access, network locations and the software used control their environments. CybSafe has the responsibility for (but not limited too) ensure applications are designed and deployed securely, appropriate access controls are in place, audit and logging is enabled and backups and disaster recovery plans and processes in place.

Utilised services

• Route 53
• CloudFront
• Virtual Private Cloud (VPC)
• Elastic Kubernetes Service (EKS)