Tickit Systems is continually required to undertake maintenance on our Tickit On Demand hosted environment. This maintenance is necessary to ensure that all of our hosted systems use the most up-to-date platforms for security and performance reasons.

An urgent maintenance update needs to be applied to our LIVE environment. A requirement of this update is that our Application servers need to be restarted, and therefore Tickit On Demand will be unavailable for a short period of time.

This update will be applied to our Live environments on Saturday 18th June 2022, commencing at 11:00 am. The expected duration of the maintenance window is 5 hours, with a short period of system unavailability during this time.

If you have any questions or concerns, please contact Tickit Support for assistance.

Last month, Tickit Systems attended the 2022 Risk Management Institute of Australasia Annual Conference and Exhibition in Melbourne.

After an enforced two year break due to the Covid virus, the Annual Conference and Exhibition was an opportunity to gather together as an industry and reconnect with our peers. Despite being the first conference after exiting the numerous lockdowns across the country, it was very well attended as we all try to return to the “new normal”. The Tickit On Demand booth was popular with the conference delegates and we are looking forward to following up on the many new contacts that were made over the two days.

Our congratulations go out to the industry award winners announced during the Gala Dinner, and also to Anthony Ventura, who is stepping down after 6 1/2 years as the RMIA President.

This year, Tickit Systems increased our commitment to the RMIA Annual Conference by sponsoring the catering breaks on both days. We understand the importance of the conference for both industry education and also as a networking opportunity for risk professionals and we are proud to support and promote this great event. In addition, it provides us the opportunity to showcase our Tickit On Demand system and demonstrate our recent developments and new modules. Here are a few images from the conference;

We would like to take this opportunity to thank the RMIA for having the confidence to proceed with the Conference this year, and for giving the industry the opportunity to gather together once again. We were delighted to meet so many of our current clients, industry delegates and hopefully some new additions to the Tickit on Demand family.

If you would like to know more about the Risk Management Institute of Australia, or are interested in attending a future conference, we suggest a quick visit to their website

Tickit Systems will once again be attending the RMIA Annual Conference. This year it will be held from March 30^th to April 1^st at the Sofitel Melbourne.

The Risk Management Institute of Australasia is the largest professional risk management institution in the Asia Pacific region, and hosts an Annual Risk Conference and the RMIA Risk Awards. It is a great opportunity that brings together Risk professionals from all across the region. This year’s conference promises to give you an immersive learning experience, fabulous networking opportunities and excellent ways to connect. You’ll meet experts from all areas of risk, network with key decision makers and discover the latest and hottest topics in risk management.

Tickit Systems will once again be attending, and we will have a booth at the exhibition. Please feel free to come along to Booth 4 to say hello and have a chat.  If you want, our consultants can discuss your GRC requirements or demonstrate the Tickit On Demand GRC system, including all the new features from our latest release!

For more information about the conference, please check out the following link:

https://www.rmiariskconference.org.au

We look forward to seeing you there.

Over the course of the past 24 months, the ongoing Covid-19 pandemic has continued to impact all levels of our society. Here at Tickit Systems, we are proud that we have been able to maintain an uninterrupted level of service to all clients, allowing us to continue to develop and improve all of our products. We remain committed to the goal of Tickit On Demand being the GRC system of choice.

The latest release of Tickit On Demand, version 3.7.2, has now been applied to all client systems. This release contains over 40 new features, improvements and other fixes. Some of the more significant changes in this release include;

1. Custom fields functionality has been added to the Policy Module.
2. An Inactivity Timeout function is now available. This allows for a system-wide timeout value to be set and should any user be inactive for that length of time, their session will be automatically logged out.
3. A Result Rating can now be added when completing a Task Allocation.
4. Task Permissions have been enhanced, with the ability to restrict Task access based on the Task Category.
5. Incident module Submit button now customisable in the Incident Kiosk. This allows the wording used on the Submit button to reflect the purpose of the Incident form.

In addition to the above new functionality, we have applied multiple client-requested updates and other fixes across the system.

If you would like to know more about the contents of the latest release, the new features now available, or Tickit On Demand in general please contact us at info@tickitsystems.com.au for more information.

There has been considerable attention on a vulnerability (CVE-2021-44228) first reported on Friday, 10 December 2021, regarding specific versions of the Apache Log4J logging service. Tickit Systems takes all threats to our systems, our clients and their data very seriously.

Once Tickit Systems was made aware of the Log4j vulnerability, we immediately commenced an audit of all Tickit Systems’ products, hosted environments and third-party systems.

We can advise;

1. No Tickit Systems supplied product or service uses the Log4J Logging service,
2. No Tickit Systems managed hosting environments use the Log4J Logging service,
3. Tickit Systems has received confirmation from our suppliers that they are not affected by this vulnerability.

Therefore, Tickit Systems can confirm that our applications, hosted environments and third-party systems are not affected by the Log4J (CVE-2021-44228) vulnerability.

If you believe you may be impacted by this issue, Tickit Systems recommends following the guidance of the Australian Cyber Security Centre.

As an ISO 27001 certified organisation, Tickit Systems is acutely aware of the importance of Information Security. For this reason, we are continually developing and releasing new security features for our Tickit On Demand GRC solution. We now have a full range of security options available for our users. In conjunction with the security measures implemented in our secure hosting process, we believe that makes Tickit On Demand well positioned to meet the security requirements for your GRC system.

Secure hosting environment

All Tickit On Demand instances are hosted within a scalable, fault tolerant infrastructure. Additional server resources are deployed as required to ensure high-availability and responsiveness of the application. Our servers require RSA Certificates for Tickit System Administrators to log in to, and are firewalled with IP restrictions. The Tickit Server cluster operates on a private network that is not accessible from the outside Internet. Hosted data is partitioned into per client databases with strict database access policies (a ‘single tenancy’ application). All data is SSL encrypted, and the SSL Certificates are provided by a commercial certificate provider ensuring enhanced security for your sensitive information.

Tickit On Demand standard security features

Every Tickit On Demand instance employs a strict role-based security policy, which enforces user actions based on their credentials. Each user must be individually defined in Tickit On Demand with a userid, password and email address. The user passwords must meet the following criteria;

• Password length must be between 8 and 16 characters
• Passwords must be different to the username
• Passwords must contain both letters and numbers

Each user has individually configured user permissions, controlling access to client data and system functionality as is applicable for their role.

In addition to the standard security features, there are a number of additional security options that can be enabled. These include;

• Passwords can be set to expire in 30, 45, 60 or 90 days
• Passwords must contain both Upper and Lowercase letters
• Passwords must contain at least 1 Special character
• Password minimum length increased from 8 to 12 characters
• Prevent repeat of last 5 passwords

Tickit On Demand optional security features

In addition to the standard security features that are included with all instances, there are a number of optional security tools that can be enabled;

• IP Address Validation – Access to the Tickit On Demand can be limited to connections originating from a nominated list of IP addresses (the whitelist).
• Two Factor Authentication – This process implements a requirement for two separate forms of identification in order to access the Tickit On Demand instance. After entering the userid and password, a “One Time Password” is emailed to the user, and must be entered within a few minutes.
• Same Sign On – When a user logs in to Tickit On Demand, instead of validating the username and password within the system, these details will be validated against your Active Directory environment. A userid and password must still be entered for each login attempt.
• Single Sign On – When enabled, access to the Tickit On Demand system is controlled by your own organisation’s security framework. Once you have logged in to your network, no further entry of userid or password is required to access Tickit On Demand. The initial version of Single Sign On has been designed for use with Microsoft Azure, however if you use a different security environment please let us know and we will investigate your requirements.

If you would like to know more about any of the Security features available in Tickit on Demand, or about Tickit On Demand in general, please contact us at info@tickitsystems.com.au for more information.