IBIS Technology

IBIS Technology recognises its responsibility to provide a secure and robust hosting solution for our customers. We employ industry best practices to ensure we deliver a service that considers data security and business continuity as a standard. 

Delivery 

Our core reservations solution is delivered on the latest Windows IIS web engine, hosted on highly available, load-balanced servers secured behind best-of-breed networking security devices that provide ingress defence via firewall rules and heuristics. Customer data is stored on replicated databases to ensure rapid disaster recovery through MSSQL log shipping failover. Our web frontend solutions for E-Commerce and Check-in are hosted as scalable containers running Linux and Kestrel, with a replicated MySql database cluster. 

Security

Our cloud-hosted services are delivered across the internet using HTTPS SSL, negotiating the highest level of encryption available using 2048-bit digital certificates. In addition to frontend security solutions, access to any customer information requires password or security token access, with the option of Microsoft SSO authentication.

Amazon S3 supports multiple access control mechanisms, as well as encryption, for both secure transit and secure storage at rest. With Amazon S3’s data protection features, your data is protected from both logical and physical failures, guarding against data loss from unintended user actions, application errors, and infrastructure failures. The various data security and reliability features offered by Amazon S3 are described in detail here: http://aws.amazon.com/s3/details/#security. Azure is also very secure, further details can be found on the Azure website . 

PCI compliance

The IBIS application is designed to maintain full PCI DSS (Payment Card Industry Data Security Standard) compliance by ensuring that sensitive payment data is never processed, transmitted, or stored within the system.

For E-commerce transactions, IBIS integrates with industry-standard third-party payment providers, such as Windcave (PxPay), Stripe, and AfterPay. These providers handle all payment processing through secure, PCI-compliant environments. 

For stored credit card transactions, IBIS stores a PxPay payment token; a unique, non-sensitive reference issued by Windcave. This token is used to verify transactions and can be used to facilitate future payments without exposing actual credit card or banking details. Since IBIS only retains non-sensitive payment tokens and never interacts with raw cardholder data, it remains outside the scope of PCI DSS requirements for storing, processing, or transmitting credit card information. However, IBIS adheres to industry best practices by ensuring that all payment integrations follow PCI-compliant workflows and secure tokenisation methods.

Redundancy 

Each tier of our solution includes considerations to accommodate delivery issues that may be beyond our control. Web services are delivered by load-balanced server farms, with log-shipped MSSQL databases hosted in Azure Australian datacenters which replicate every 15 minutes during business hours and are backed up to secure AWS S3 cloud storage held in Australia. Our recovery processes are tested regularly to ensure they are reliable and accurate. 

Service status and maintenance updates

In the event of planned maintenance, partial service disruptions, or severe outages, our team will provide timely updates through our Network Status page. This ensures all customers receive critical information as quickly as possible, and keeps them informed of any service impacts and expected resolution timelines.