Bowtie Master

Security & Infrastructure

We’re serious about strong security, availability and privacy. That’s why we’re Cyber Essentials Plus certified! Cyber Essentials Plus is a UK Government backed, audited, minimum standard scheme that protects against common cyber attacks. 

How we keep your data secure:

Bowtie Master is made up of the following key architecture components hosted on cloud infrastructure powered by Microsoft Azure Platform as a Service (PaaS):

  • Web Portal (Vue CLI) – User interface providing all functionality and features served via secure socket layer (SSL) via HTTPS endpoint with encryption in transit between web portal and API data and authorisation services.
  • Auth & API Service (.NET Core App Service) – Data services facilitating all data GET, POST, PUT and DELETE operations via API secured by standard JWT token with 5 minute access token expiration window and 60 minute token refresh principle.
  • Azure SQL – Database storage for all tenant data sets segregated by tenant identifiers only accessible from app service with no external/

Bowtie Master is deployed on a designated cloud environment within Microsoft Azure and therefore adopts the existing Azure security framework as part of the infrastructure security policy, please refer to the Azure Security information for further details.

Accounts are password protected and are automatically locked out after multiple failed attempts. Single Sign-On (SSO) and Multi-Factor Authentication (MFA) are available to all users.

Using a Secure Socket Layer (SSL) for all data transfer requests to and from the website will ensure that the web platform data transport may not be compromised by any potential attacks.

Sensitive data such as personnel details and credentials will be encrypted at rest within the application database using irreversible one-way hashing algorithms. This ensures that any compromise of database data will not lead to exposure of sensitive data.

Azure application environment monitoring features configured with appropriate application insights and alarm settings notifying support personnel of any vulnerabilities or infrastructure issues.

  • PITR (Point In Time) Restoration – Up to 7 days any minute of the day
  • Weekly backups – For a maximum of 4 weeks
  • Monthly backups – For a maximum of 12 months

Check out our help centre or contact us