Business Continuity & Security Policy

AppCan is a Software as a Service (SaaS) platform, providing a mobile and cloud-based service for the capture of field data, delivery of electronic documents and sending of alerts to users.

There are four interconnected components to the AppCan platform:

  • AppCan Cloud – A cloud-based portal to build apps, manage users and analyse data.
  • AppCan XP – A mobile application (Apple and Android) for the capture of data, viewing of documents and reading of alerts.
  • AppCan API (Application Programming Interface) – Two-way data interface between AppCan Cloud and AppCan XP.
  • AppCan Data Warehouse – Used for reporting e.g. PowerBI or other report tools

It is intended that this document will provide the basis for a relatively quick and painless return to “business as usual” regardless of the cause.

Objectives of the plan

To provide a flexible response so that AppCan Ltd can:

  • Respond to a disruptive incident (incident management)
  • Maintain delivery of critical activities/services during an incident (business continuity)
  • Return to ‘business as usual’ (resumption and recovery)

System monitoring and Service level Agreements

Whilst we monitor our systems (with automated alerts of system issues) to ensure they are running at optimal performance, there could be times where an event could occur which may cause the AppCan platform to stop functioning, either in whole or part.

Although we have built significant resilience into the platform, we have robust incident management procedures and Service Level Agreements in place to mitigate and limit any disruption to business.

In the event of a critical (Category 1 Defect) failure, this should be reported to AppCan Ltd immediately via the following methods:

  • Email: support@appcan.co.uk
  • Office Tel: 0208 133 1222
  • Boyd Neal (Director): 07947 778907
  • John Anderson (Director): 07768 855289

Our definition of a ‘Defect’ is as follows:

‘Category 1 Defect’ means a material defect in the system which prevents it from operating at all, or which causes a vital portion of the system to fail to function.  This extends to primary failure of an area key to the operation of the business.

  • A Category 1 Defect will be assessed within one hour of being notified by telephone, email or in person.
  • AppCan will advise the Client of the expected time frame for the Category 1 Defect to be remedied.
  • AppCan will use its best endeavours to fix the Category 1 Defect with all reasonable speed.

If a Category 1 Defect occurs, all clients will be notified by email or telephone, our help pages will also be updated with information about the defect and expected resolution times.

‘Category 2 Defect’ means a failure or defect in a non-critical portion of the application.

  • A Category 2 Defect will be assessed within 4 hours of being notified by telephone, email or in person.
  • AppCan will advise the Client Representative of the expected time frame for the Category 2 Defect to be remedied.
  • AppCan will use its reasonable endeavours to fix the Category 2 Defect with all reasonable speed.

‘Category 3 Defect’ means a defect whereby the system, while capable of operating, could be improved through enhancements that would increase its ability to function, speed of operation or ease of use.  For example, a change to operational flow of the site to improve user or administrator experience.

‘Category 4 Defect’ means a failure or defect in the cosmetic aspects of the site, which would be improved through graphical and other design elements.

  • Category 3 and 4 defects are considered enhancements and are not covered under business continuity.

Microsoft Azure

AppCan exclusively use the Microsoft Azure platform for the delivery of our solution.  Our choice for using Microsoft Azure is based around the scalability of the platform, high availability, redundancy, security of data and sustainability.

Azure is fully managed by Microsoft on our behalf (including software and patch updates).

Our Azure production servers are located in the United Kingdom, and configured with ‘Geo-Replication’, which will automatically failover to other Microsoft Data Centre in the event of a failure (using Azure Site Recovery).

Our SQL Database servers also support geo-replication between regions (e.g. West Europe and North Europe).

App Services use Azure Traffic Manager which will allow traffic to be automatically routed to the active App Service.  This also ensures AppCan XP traffic is routed to the correct data centre.

Although any failure would automatically failover, there may be a requirement to configure services manually, our development and network team would carry out any changes required as a Category 1 Defect.

AppCan have a comprehensive set of monitoring and alert tools in place to ensure the AppCan platform is operating at optimum levels. These monitoring tools also provide alerts of potential issues, which we proactively use to prevent any degradation of performance or failure.

Our development and network team monitor the server infrastructure and address any issues as they arise.  Should we require support from Microsoft, we have SLA’s in place and access to the required representatives to enable a quick response.  We also work with approved Microsoft Partners to provide additional technical support as required.

In addition to the resilience of the Azure platform, it also provides us with the functionality to scale AppCan as required to meet usage demands.  For instance, our API is load-balanced and automatically creates additional threads as usage increases during the day, and then closes out the threads as usage reduces.

File and Database storage is continuously monitored and increased as demand requires, to prevent any degradation of service.

Microsoft Azure publish their uptime SLAs for all their platforms and services here:  https://azure.microsoft.com/en-gb/support/legal/sla/summary/

Their 99.95% uptime is better or comparable with all other robust cloud platforms.

Software Updates

AppCan Cloud & API

From time to time, we need to update AppCan Cloud for the purposes of:

  • New feature deployments
  • Bug fixes
  • Security updates

All software updates are comprehensively tested, through User Acceptance Testing, prior to release on our internal ‘Staging’ and ‘Development’ environments, to ensure compatibility with the requirements and existing code.

AppCan Cloud deployments usually takes place in the evenings (5pm or later), and the AppCan platform will be unavailable for just a few minutes, although any critical updates would be applied at any time depending on the urgency.

Some of our software deployments do not require any downtime through the use App Services (e,g API), which allows for the deployments to be made live.  We are currently working to make all our system App Services compatible, to remove the need for any downtime.

AppCan Mobile (AppCan XP)

From time to time, we need to update AppCan XP for the purposes of:

  • New feature deployments
  • Bug fixes
  • Security updates

All software updates are comprehensively tested, through User Acceptance Testing, prior to release on our internal ‘Staging’ and ‘Development’ environments, to ensure compatibility with the requirements and existing code.

Since our mobile app supports both Apple and Android operating systems and devices, any updates submitted will require approval before they are released on the Apple App Store or Google Play Store.  We do not have any control over the deployment timescales, but generally Google approve within hours and Apple approve within 24 hours.  We do have the option to ‘escalate’ releases with both Apple and Google, should it be necessary.

AppCan XP will always be available for download on the relevant App Stores, whilst a new version is awaiting authorisation.  Depending on how our clients manage their device assets, if they are set to auto-update (either at setup or via MDM, Mobile Device Management), the latest version of AppCan XP will be automatically installed.

Client Responsibility

Whilst the onus is on AppCan to manage the resilience of our platform, there are some elements which sit outside our control and are reliant on our clients to manage:

  • The client should ensure they run anti-virus software on all their computers to prevent the spread of malicious code.
  • AppCan XP is supported on the latest operating system for Apple iOS and Google Android operating systems, and the one version prior. It is the responsibility of the client to ensure all devices are kept up to date, to avoid any failures caused by outdated operating systems.
  • Whilst AppCan XP includes comprehensive compression of media (photos / signatures), the client should ensure devices issued to users provide sufficient storage for business needs.
  • The client should ensure adequate data packages are purchased for each SIM installed on their mobile devices.

Security

AppCan take security very seriously.  We have detailed below the security measures that we have taken to ensure your data is secure:

  • We use Microsoft Azure for our cloud hosting and all data is encrypted at rest by default (SQL databases, file storage etc).
  • Both mobile operating systems, iOS / Android, are encrypted at rest if a passcode or other personal authentication method is used.
  • Data captured and held on AppCan XP is encrypted, provided a passcode, Touch Identification or Face Identification is active.  It is recommended practice to ensure all mobile devices have a passcode / Touch Identification / Face Identification activated.  This can be activated on the device or via Mobile Device Management (MDM) if available in the client business.
  • AppCan uses the standard security technology (SSL – Secure Sockets Layer) for establishing an encrypted link.  This allows sensitive information to be transmitted securely.   All data transferred between AppCan XP & AppCan Cloud is encrypted so that it cannot be read by anyone except the recipient.
  • AppCan Cloud provides a Timed Log Out and will log a user out after 2 hours of inactivity.  This gives added protection if you forget to log yourself out.
  • AppCan Cloud and AppCan XP will automatically disable your access to if three incorrect attempts are made to log in using your details.

Recommended Security Protocols

  • Set up a Passcode to lock your handset – remember not to use Passcodes that are easy for someone to guess.
  • Don’t tell anyone your login details and never store them on your mobile device in a way that might be recognised by someone else.
  • Change your AppCan Cloud / AppCan XP password immediately if you suspect anyone else may have gained access to it.
  • Never divulge your Passcode, password or full security details in response to a call, email or text.
  • When using Wi-Fi, think about whether the Wi-Fi is secure before using it.
  • Always make sure you log out of AppCan Cloud / AppCan XP when you’ve finished.
Scroll to Top