IBIS Technology recognises its responsibility to provide a secure and robust hosting solution for our customers. We employ industry best practices to ensure we deliver a service that considers data security and business continuity as a standard.
Delivery
Our core reservations solution is delivered on the latest Windows IIS web engine, hosted on highly available servers secured behind best-of-breed networking security devices that provide ingress defence via firewall rules and heuristics. Customer data is stored on secure Azure-hosted SQL Managed Instances. Our web front-end solutions for E-Commerce and Arrivals are hosted as scalable containers running Linux and Kestrel.
Security
Our cloud-hosted services are delivered across the internet using HTTPS SSL, negotiating the highest level of encryption available using 2048-bit digital certificates. In addition to front-end security solutions, access to any customer information requires password or security token access, with the option of Microsoft SSO authentication.
Virtual machines hosting our IIS applications are deployed within a private virtual network and are not directly accessible from the public internet. Network security controls restrict inbound access to approved management entry points and trusted source IP addresses, while application traffic is limited to requests routed through the Application Gateway. This helps ensure that only legitimate, controlled traffic can reach the hosted websites. Outbound internet access is provided through a NAT Gateway, enabling necessary external connectivity without opening the servers to direct public inbound access.
Our App services are protected through a combination of private connectivity and authenticated administrative controls. External application access is provided through Azure Front Door, which serves as the approved entry point to the hosted services, while direct access is restricted through private networking and access control configuration.
Azure SQL Managed Instances support multiple security and access-control mechanisms, as well as encryption for data in transit and at rest. Azure SQL Managed Instance enforces TLS for connections, encrypts databases at rest by default with Transparent Data Encryption, and offers additional protections including Microsoft Entra authentication, auditing, advanced threat detection, and vulnerability assessment. These layered security capabilities help protect data against unauthorized access, misuse, and infrastructure-related failures. Further details can be found on the Azure website .
Redundancy
Each tier of our solution includes considerations to accommodate delivery issues that may be beyond our control. Web services are delivered via app services that are maintained for redundancy within the Azure platform. Database management provides redundancy across multiple Azure data centres, point-in-time restore for up to a week, then weekly for four months, then monthly for 12 months. Our recovery processes are tested regularly to ensure they are reliable and accurate.
PCI compliance
The IBIS application is designed to maintain full PCI DSS (Payment Card Industry Data Security Standard) compliance by ensuring that sensitive payment data is never processed, transmitted, or stored within the system.
For E-commerce transactions, IBIS integrates with industry-standard third-party payment providers, such as Windcave (PxPay), Stripe, and AfterPay. These providers handle all payment processing through secure, PCI-compliant environments.
For stored credit card transactions, IBIS stores a PxPay payment token; a unique, non-sensitive reference issued by Windcave. This token is used to verify transactions and can be used to facilitate future payments without exposing actual credit card or banking details. Since IBIS only retains non-sensitive payment tokens and never interacts with raw cardholder data, it remains outside the scope of PCI DSS requirements for storing, processing, or transmitting credit card information. However, IBIS adheres to industry best practices by ensuring that all payment integrations follow PCI-compliant workflows and secure tokenisation methods.
Service status and maintenance updates
In the event of planned maintenance, partial service disruptions, or severe outages, our team will provide timely updates through our Network Status page. This ensures all customers receive critical information as quickly as possible, and keeps them informed of any service impacts and expected resolution timelines.