Security at Dcisive
At Dcisive, we understand that your data is one of your company's most valuable assets. We’ve embedded security into every aspect of our platform. From infrastructure to user access, we employ a multi-layered approach backed by a team of experts, trusted security vendors, and enterprise-grade technology, to proactively protect your data.
We are committed to transparency and aim to provide clear insights into our security posture, demonstrating our strong focus on protecting your data.
If you identify any security threats or vulnerabilities related to Dcisive systems or personnel, please contact your account manager or email our security team at security@dcisive.io.
Availability
Dcisive production services are designed to tolerate failure, with multiple front-end servers and replicated back-end databases. Our core services use a serverless architecture with auto-scaling and are deployed across multiple availability zones for redundancy.
Backups
Your data is protected by automated backups taken at regular intervals, allowing point-in-time restores. Backups are stored in geo-redundant locations and retained for 30 days, so your data remains secure and recoverable even after an unexpected incident.
Business continuity and disaster recovery
In the event of a catastrophic Azure facility failure, we can fail over to the backup copy to keep your business running. We run regular simulated disaster recovery drills so you can be confident that your data remains available.
Data residency
We support compliance with data sovereignty and localisation requirements. All data is stored in the region you selected at sign-up. For backup purposes, your data is replicated to the paired Azure region within the same country (for example, Australia East is paired with Australia Southeast). Otherwise, customer data is not replicated between regions and remains in its original region.
Encryption for data at rest
All customer data at rest is encrypted in the Dcisive production databases with the industry-standard AES-256 algorithm. Encryption keys are managed by the underlying cloud provider and rotated according to the provider's best practices.
Encryption for data in transit
All network traffic to Dcisive production services uses TLS 1.2 or later, with only a limited set of modern, secure ciphers enabled. Security headers are applied to all production endpoints where possible.
Identity management
Dcisive supports single sign-on (SSO) with a wide range of identity providers using SAML and OAuth2, including Microsoft Entra ID, Okta and Google Workspace. Because authentication happens at your identity provider, you can enforce your own sign-in policies there, such as multi-factor authentication (MFA).
Additionally, Dcisive implements role-based access control (RBAC) so that each user has only the least privilege necessary to perform their tasks, reducing risk.
Monitoring & threat detection
Dcisive actively monitors security, performance and availability 24/7/365, with our AI-powered SIEM providing additional automated threat detection and response.
Access to Dcisive infrastructure is protected by multiple layers of security including, but not limited to, multi-factor authentication (MFA) and just-in-time Privileged Identity Management (PIM). All administrative employee access and all commands run on our infrastructure are logged centrally, audited and retained.
Software development lifecycle
All Dcisive source code is kept in a company-managed source code repository. Source code is scanned with a suite of open-source and proprietary tools that alert on insecure coding patterns that could lead to vulnerabilities. Access to the repository is restricted by job role, with identities linked to the company single sign-on platform. Every merge requires a peer review, and pull requests to the main branch are merged by senior engineers.
Secretless deployments
We implement secretless deployments across all our production systems: passwords and other secrets are never stored in our code or configuration files. Instead, they are held in Azure Key Vault, and production workloads retrieve them at runtime using managed identities. This means there is no long-lived credential sitting in a repository, build artefact or configuration file to leak, which significantly reduces the risk of unauthorized access and data breaches.
Internal access to Key Vault is strictly limited by the employee's job role, with least privilege assigned.
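As an added illustration (not Dcisive's own deployment code), the Bicep template below shows the pattern this section describes: an Azure Function App with a system-assigned managed identity, a Key Vault configured for Azure RBAC, a single role assignment that lets only that identity read secrets, and an app setting that is a Key Vault reference rather than the secret value. The resource names, the `appServicePlanId` parameter and the secret name `db-connection-string` are assumptions for the example.

```bicep
// Added example, not Dcisive's template: Function App reading a secret from
// Key Vault at runtime via a system-assigned managed identity.
// Names, location, plan and secret name are placeholders.
param location string = resourceGroup().location
param vaultName string = 'kv-example-${uniqueString(resourceGroup().id)}'
param functionAppName string = 'func-example-${uniqueString(resourceGroup().id)}'
param appServicePlanId string // assumed: resource ID of an existing plan

// Built-in Azure role "Key Vault Secrets User": read secret contents only
// (no list/set/delete). Built-in role definition IDs are the same in every tenant.
var keyVaultSecretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

resource vault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: vaultName
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: { family: 'A', name: 'standard' }
    enableRbacAuthorization: true // Azure RBAC instead of legacy access policies
    enablePurgeProtection: true
  }
}

// The secret value itself is written to the vault out of band (for example by a
// pipeline step running under a different identity); it never appears in this file.

resource functionApp 'Microsoft.Web/sites@2023-01-01' = {
  name: functionAppName
  location: location
  kind: 'functionapp'
  identity: { type: 'SystemAssigned' } // no client secret to store anywhere
  properties: {
    serverFarmId: appServicePlanId
    httpsOnly: true
    siteConfig: {
      minTlsVersion: '1.2'
      ftpsState: 'Disabled'
      appSettings: [
        // Key Vault reference: App Service resolves it at startup using the
        // managed identity, so the connection string is never in the template
        // or in the portal's plain app settings.
        {
          name: 'DB_CONNECTION_STRING'
          value: '@Microsoft.KeyVault(VaultName=${vault.name};SecretName=db-connection-string)'
        }
      ]
    }
  }
}

// Grant only this app's identity, only on this vault, only the read-secret role.
resource secretsUser 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(vault.id, functionApp.id, keyVaultSecretsUserRoleId)
  scope: vault
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', keyVaultSecretsUserRoleId)
    principalId: functionApp.identity.principalId
    principalType: 'ServicePrincipal'
  }
}
```

The check a reviewer would run after deployment is `az role assignment list --scope <vault resource id>`: the application's principal should appear with the Key Vault Secrets User role only. A workload identity holding Key Vault Secrets Officer or Contributor (which can set and delete secrets) is broader than the runtime read this pattern needs.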
Vulnerability management
Production services are deployed through a CI/CD pipeline. The entire Dcisive platform uses serverless technology, so the operating system and application runtime are fully managed and patched by Azure, keeping the underlying platform current with the latest updates.
Our software is scanned daily for vulnerabilities in dependencies and third-party libraries. All vulnerability reports are triaged, analysed and assigned to the engineering team for remediation according to our vulnerability management SLAs.
Compliance
Our SaaS platform is hosted on Microsoft Azure, which offers industry-leading security and compliance features. Azure complies with a broad set of international standards and certifications, including ISO 27001, SOC 2, FedRAMP and IRAP, among many others; Microsoft publishes the comprehensive list of Azure compliance offerings.