| 1 | What are the locations from which services will be provided? / In which data centres or facilities the Customer's data will be stored or processed? | Maytech services can be provisioned at a data centre location of Customer’s choice ensuring the compliance with local and international data regulations. Operating Data Centre hubs can be found on Maytech's Data Residency page. On sign up, a Customer selects a service hub from the option list. Data is never transferred or replicated outside the chosen hub. |
| 2 | Describe any specific dependencies on third party vendors for you to deliver the proposed contracted services, e.g. hosting, cloud services, development, etc. | We use third party data centres to deliver the hosting services. Take a look at the full list here. Where you require a data processing agreement for GDPR compliance, the relevant third party will be documented. |
| 3 | What are your security requirements for supplier relationships (data centres)? | Each data centre meets, or exceeds, Tier 3 data centre standards. Any supplier must, at a minimum be ISO 27001 compliant and Soc 1 and 2 compliant as applicable. Third party supplier compliance reports can be provided upon request. |
| 4 | Can you confirm that your data centre location(s) supports twin connection resilient Internet breakouts with guaranteed bandwidth? | Maytech data centre locations support twin connection resilient Internet breakouts with guaranteed bandwidth. |
| 5 | Does the solution provide high-availability and fault-tolerance that can recover from events within a data centre? | Maytech’s platform is highly-available and a resilient web application and continues to function despite expected or unexpected failures of components in the system. If a single instance fails or an entire zone experiences a problem, Maytech’s application remains fault tolerant—continuing to function and repairing itself automatically if necessary. Because stateful information isn’t stored on any single instance, the loss of an instance—or even an entire zone—should not impact the Maytech platform’s performance. |
| 6 | Describe the physical security controls in place at the locations where Customer's data (or those of its customers) will be stored or managed. | Maytech data centres feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data centre floor features laser beam intrusion detection. |
| 7 | Can data be moved without prior agreement from the Customer? | No, data is never replicated outside the chosen data centre. |
| 8 | What procedures exist to ensure the data integrity of the Customer's information assets used in production systems? | The Customer's data on the Quatrix server is transient and not modified on our systems. Any integrity check required by the Customer should be performed at source and at destination. |
| 9 | Is data stored in a secure manner, accessible only to officers of their subsidiaries or their approved representatives? | Yes, the Customer controls data and service access policy. |
| 10 | Are backup tapes sent to an offsite storage facility? | By default we do not backup offsite, we backup to a SAN within the data centre. Backups on the SAN are encrypted at rest and in transit. |
| 11 | Describe any cases where Customer's data will be shared with, or made accessible to, third-party providers. | We never share Customer's data with third parties. |