BMS - IT Services QCCP Initiatives
IT Cyber Security Initiatives
Cyber Security refers to the protection of all electronic data that is accessible via all computer systems such as software, hardware, and network. Sufficient Cyber Security initiatives will protect sensitive data against malicious attacks in the form of viruses, worms, spyware, and other hacking methods.
CrowdStrike
CrowdStrike Falcon protection is a next-generation anti-virus that provides Blooms The Chemist with security protection from cyber threats by acting as a breach prevention service. The agent scans and monitors all endpoints (computers, servers, registers) on our network in real time, 24/7, against any potential security or data breach.
Mimecast
Mimecast is a multi-layered email security solution that protects our business against phishing, spam, business email compromise, malicious URLs, and ransomware. It integrates with Microsoft Office 365 (which offers its own security practices) to prevent us from receiving unwanted emails. All inbound and outbound emails to and from blooms.net.au are inspected, scanned, filtered, and journaled by Mimecast based on policies, email attributes, virus signatures and Mimecast AI. URLs (links) within the body of emails are scanned and attachments are detonated until they can be observed for malicious activity. Emails matching certain conditions are held for release: by the end user if they are a low threat (e.g., unwanted marketing), or by a senior administrator if they are a higher threat. Mimecast allows us to inspect the metadata of any emails we consider suspicious before releasing them to the recipient.
Ninja RMM
Ninja RMM is used for secure remote access to store computers, and also for Patch Management of Microsoft Windows and select third-party software. Patch management consists of scanning computers or other machines on the Blooms network for missing software updates, known as “patches”, and fixing the problem by deploying those patches as soon as they become available. Patches may include feature updates, but also important security updates. Since January 2020, Microsoft Windows 7 is no longer supported by Microsoft, meaning it will not receive security patches; Patch Management therefore applies to Windows 10 Professional computers only. Ninja RMM is also used for conditional alerting, self-healing, scripting and remote system management and diagnostics.
Macquarie Telecom NBN & SDWAN
Macquarie Telecom provides Blooms The Chemist with a business-dedicated NBN service that includes high-speed broadband and SD-WAN, which lets our network administrators see which stores are up, down or at risk. It acts as a firewall to prevent any penetration attacks and allows internet traffic to be managed and monitored. The solution also includes a 4G backup device that ensures the pharmacy never goes offline and trading is never impacted. Macquarie Telecom uses dynamic key encryption at the packet level, which means your data is secure no matter which link it travels on. Their encryption is from origin to destination, meaning there are no weak points for hackers to exploit.
Ethical Hacking or Penetration Testing
Blooms IT Services regularly conducts penetration testing. This involves liaising with a company that will attempt to penetrate our network and identify any potential risks in our IT landscape. Those risk factors are recorded and projects to mitigate those risks are prioritised on the IT roadmap. This ensures we are maintaining best practice standards and staying steps ahead.
Cyber Security Policies & Standards
Blooms The Chemist has rigorous IT policies and standards to ensure that teams are adhering to best practice. They include but are not limited to:
- Network infrastructure Configuration
- Change Management
- Incident Management
- Email Usage
- Endpoint Protection
- Gateway Management
- Information classification and handling standard
- Log management and monitoring
- Media Management
- Mobile Device and Remote Working
- Operating System Hardening
- Patch Management
- Privacy
- Secure Application Development
- Security Assurance
- Trust Model
- Vendor & Service Provider Management
- Vulnerability Management
- Web Content and Connections
- Application Hardening
- Asset Management
- Backup and Archiving
- Cryptography and Key Management
- Database Systems Management
- E-mail Gateway and Server
- Identity & Access Management
IT Software & Hardware
POSWorks
POSWorks is used as the Point-of-Sale system for all Blooms The Chemist pharmacies. It is a requirement for our IMS (Inventory Management System) to ensure that all stores have stock readily available including medication. Patient and medical data is encrypted and is stored on the store’s servers. Further information can be found on their website: https://www.posworks.com.au/pharmacy/pos-works/
DispenseWorks
DispenseWorks is used as the pharmacy dispensing application for all Blooms The Chemist pharmacies. Its intuitive workflow design, with fully integrated e‑prescriptions and MIMS or AusDI, has made pharmacy dispensing easier and safer than ever. Seamless integration with POS Works means that accurate pricing and current stock-on-hand data is provided via RealSync. DispenseWorks integrates with all other pharmacy applications such as DDBook and MedAdvisor. Further details can be found on their website: https://www.posworks.com.au/pharmacy/dispense-works/
Microsoft Office 365
Blooms The Chemist utilises Microsoft Office 365 for best-in-class productivity applications for email, document management, video conferencing, spreadsheets and more. All stores, partners and retail managers are provided a Blooms email address; however, the pharmacies have the option to purchase these email accounts for other staff members. With our own domain (blooms.net.au) it includes a range of robust security capabilities, such as identity and access management, threat protection, information protection, and security and risk management.
RingCentral
RingCentral is the Blooms IT Services recommended and managed telecom provider that gives stores a flexible, mobile, and powerful cloud phone system. It is user-friendly, can be set up in minutes and is accessible 24/7 anywhere with an internet connection, making it an excellent option for business continuity. It offers multiple layers of security, such as VoIP, SSO, roles, permissions, and enterprise-grade global cloud infrastructure.
Hardware as a Service (HaaS)
Hardware as a Service is designed to provide Blooms The Chemist stores with hardware that is accompanied by software, maintenance, installation, upgrades, instant availability and express shipping. This ensures that stores always have the most up-to-date and security-compliant hardware that is never out of warranty and is readily accessible. Stores can choose to upgrade or downgrade Registers, Dispense PCs, Label Printers, Scanners, PDAs and more at any time with HaaS. Because the same or similar model devices are provided, support, configuration and maintenance are more efficient, meaning pharmacy services are never impacted by redundant hardware. HaaS also includes the core server bundle (Server, Network Switch, Network Attached Storage, Network Wireless Access Point Bundle, Tower UPS), all of which can be centrally managed and supported.
Engage
Engage is the tool Blooms The Chemist uses as its intranet. It is an internal website that is used for sharing information, improving communication, accessing collaboration tools such as click & collect or the health services booking system, and providing online training regarding procedures, pharmacy practices, healthcare products, legislation and more.
Data Governance
Data Security
Blooms data is encrypted and access to that data is restricted by a password or multi-factor authentication wherever possible. All POS replication traffic is secured via VPN, backups are encrypted, file shares are limited to Active Directory users, and remote access to Blooms systems is managed by IT and secured via password and MFA. All initiatives mentioned in this document relate to the security of Blooms The Chemist data.
Data Backups
Data backups are managed and monitored by IT using Acronis Cyber Protect. Acronis is a server backup that is enhanced with cyber protection. A next-generation, AI-powered antimalware engine scans backups as they’re created and as they’re retrieved to ensure data integrity. Every store is backed up daily to a NAS and critical data is replicated offsite to Acronis Cloud storage. All backups are encrypted with individual randomly generated passwords.
Disaster Recovery Plan
In the event of a disaster where data is lost, a disaster recovery plan will be initiated depending on the level of failure. These range from a basic recovery (e.g. data restored from Acronis backup data located on the store NAS – shortest RTO) through to a full restore from Acronis Cloud offsite storage (e.g. store destroyed by fire, flood, etc. – longest RTO).