AGTRIX DATA SECURITY
Plain English Policy
This document outlines the data storage infrastructure Agtrix own and maintain from a data security perspective, and gives information on how security protocols are implemented consistent with data custodianship principles.
Disclosure and Limit of Warranty
Agtrix holds no vested interest in any agricultural production enterprises, so can act impartially with all clients.
The data captured by the Agtrix suite of products is not sensitive in nature, and Agtrix collects only very limited personal information by design. Therefore any data breach is unlikely to result in any harm to the entities concerned.
While we will take utmost care in maintaining security of the data recorded in our systems, use of Agtrix’s systems is pursuant to acceptance that Agtrix is not responsible for any consequential damages claims as a result of the use of Agtrix systems.
Data Custodianship, Ownership and Access
As a general principle, the supplier or person recording any data will remain the owner of that data, although other users may automatically gain access to that information as a result of having appropriate authority to access other data in Agtrix systems (for example farms).
A number of types of data are stored in Agtrix systems, being:
- Spatial Reference Data, including (a) paddocks and farms, and (b) loading zones. These are typically supplied by a mill or factory that manage this data on behalf of their supplying growers.
- Spatial Background Data, including aerial or satellite imagery, maps and other raster layers that are used in the system as background to the mapping.
- Recorded Data, or data concerning planning, recommendations, inspections, and activities that is recorded by users of the systems via the data entry forms provided.
- Planned changes to farms, paddocks or crops, or data that is recorded by users but that will be of use in maintaining the integrity and accuracy of the base Spatial Reference Data over time.
- Vehicle/ Personnel Tracking Data, or data that is collected using GPS tracking devices fitted to vehicles or carried by a person; this may include consignment data.
- Sensor Data, or data that is collected from sensors and conveyed to Agtrix servers using a variety of communication protocols for storage, access and interpretation.
- Weather Data, or data that is sourced from the Bureau of Meteorology or field weather stations, or recorded by users manually, concerning daily average, maximum or minimum values for various meteorological parameters.
Data access to the various data types in Agtrix Systems is controlled by the Security Model, which can be configured to reflect the access rights and responsibilities of the various System Roles.
As a provider of supply chain solutions, Agtrix systems provide for multiple parties to view one, or a number of these types of data sets. Data rights are typically configured to reflect the System Roles that a user or organisation has/provides to the system. These System Roles are:
- Technology Provider – ie. Agtrix
  - Access to all data that has been supplied in the system.
  - Agtrix do not own data supplied in the system.
  - Agtrix will not provide data to any party who does not hold security rights to it beyond those provided for them in the agreements already made with Agtrix.
  - Access rights to all data in the system for the purposes of support, backup and, with permission, demonstration.
  - Agtrix owns the platforms, databases and contexts used in delivering this system, including the IP of the data recording context.
- Spatial Reference Data Provider – ie. the organisation responsible for either providing or coordinating the collection of the Spatial Reference Data.
  - The providers of this data will own that data, but acknowledge that any AgDat user who has access to a farm will be able to view and potentially download that spatial data. This does not convey to the user the right to pass it on, or any ownership of that data.
  - AgDat does not have control over what derivatives or re-engineering are undertaken from the spatial reference data. Therefore access to the spatial reference data needs to be permitted with this understanding.
  - The spatial reference data provider has no ownership of the data recorded ‘on top’ of this by a grower or grower representative agency.
- Grower Representative Agency – ie. the organisation or agency who represents and provides support to end-users, and takes responsibility for data.
  - Support of the users associated with the farms.
  - Agtrix assumes the Grower Representative Agency has been permitted access by the data owners to the recorded data that is granted to them initially by the spatial reference data provider.
  - Agtrix requests that Grower Representative Agencies provide clear terms of agreement to their end-users covering whether the Grower Representative Agency will have access to Recorded Data, and to what level that Recorded Data may be passed on to Third Parties.
  - There will be data that these Grower Representative Agencies collect themselves, and they will own that data.
  - The Grower Representative Agency is the agency the Growers trust to maintain grower access and to make decisions on their behalf about third party groups who wish to receive data from the system.
  - Summaries or reports based on grower data will only be provided to third parties outside the Grower Representative Agency by those Grower Representative Agencies.
- Vehicle Tracking Owner – ie. where a GPS logger is fitted to a vehicle
  - The data collected is owned by the organisation paying for the tracking, and it is assumed that the owner of the vehicle has given permission for the GPS tracking data to be forwarded to that organisation.
- User Security Administrator
  - In some cases the responsibility for allocating particular rights to see certain farms will be delegated by Agtrix to a Local Grower Representative Agency, and within that agency the User Security Administrator will be employed.
  - The Spatial Reference Data Providers and the Users (ie. as Growers/data recorders) delegate authority to the nominated Security Administrator to make security changes.
- Advisors – ie. Agronomists
  - Certain third party agents may be given rights to see data on farms and data recordings, as defined by separate data sharing agreements with the data owner.
- Users – ie. Growers
  - Users own the data that they record on their farms.
  - The sharing of this information is based on the agreements that they have with processors, productivity boards and grower representative agencies.
Requirements for agreements
In order to facilitate the smooth and transparent implementation of the data security model, Agtrix require a minimum set of factors to be included within data agreements. In a typical implementation of this data security policy (refer to Appendix 1), the following parties would require some form of data sharing agreement:
- Spatial data providers and the Grower Representative Agency
- Grower Representative Agencies and Third Parties
- Advisors and Spatial Data Providers or Grower Representative Agencies
Data sharing between the following parties is taken to have an implicit agreement:
- Spatial data providers and Grower Users.
- Grower Representative Agencies and Grower Users.
- Spatial Data Providers and Tracking Vehicle Owners
Agreements made between these parties need to stipulate certain minimum details, in particular:
- Name the entity that will conduct ‘User Security Administration’. For example, growers’ access to farms is managed either by:
  - the spatial data provider themselves, through a web service provided by the spatial data provider; or
  - a Productivity Board, by delegation; or
  - Agtrix.
- Grower Representative Agencies, with the role of granting access to third parties, should include in their agreements which third parties (if any) data may be provided to, and in what form (eg. detailed, summary by farm, anonymous farm data, or regional summaries).
Access to data entered into AgDat is controlled by a sophisticated security model that is based on rights to see farms, “contexts” (the forms that are used in AgDat to record information), and vehicles. In some cases, fields within those forms can also be hidden from some users through security settings, even when they may have access to both the farms and contexts.
All access to the data recordings is controlled by user names and passwords, so these need to be kept private for security reasons.
User names and passwords are created in AgDat using a security application, and managed by Agtrix. Agtrix is investigating a way that the security can also be maintained by power users that have been given security permissions to do so, but that will only be for a set of farms that they have permission to manage.
Access to AgDat can also be managed through links from trusted web sites, such as grower web portals. In such cases, the farms (and vehicles) that a user can see are passed to Agtrix from the originating web site, and that user session will have access to all information specified in that link. This allows user access rights to be maintained in one location and provided to AgDat from the current security settings of the source web site.
Organisations and individuals will be able to see only data that they have been granted rights to see, for the farms that they have been granted permission for. Agtrix seeks instruction from the organisation which created the data or supplied the data with regard to the access that should be granted for that data.
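To make the layered model above concrete, the following is an added illustration, not AgDat's own code; the record layout, role names and grant values are assumptions constructed for the example. A record is released only when the user holds rights to its farm and its context (and its vehicle where one is attached), and fields hidden for that context are stripped before release.

```python
from dataclasses import dataclass, field

@dataclass
class Grants:
    """Rights configured for one user or organisation (assumed shape)."""
    farms: set                                   # farms the user may see
    contexts: set                                # recording forms ("contexts") the user may see
    vehicles: set = field(default_factory=set)   # tracked vehicles the user may see
    hidden_fields: dict = field(default_factory=dict)  # context -> fields hidden from this user

def visible_record(rec, grants):
    """Return a copy of rec with hidden fields removed, or None if the user may not see it.
    Deny by default: every applicable right must be present."""
    if rec["farm"] not in grants.farms:
        return None
    if rec["context"] not in grants.contexts:
        return None
    # Tracking records carry a vehicle; farm + context rights alone are not enough for those.
    if rec.get("vehicle") is not None and rec["vehicle"] not in grants.vehicles:
        return None
    hidden = grants.hidden_fields.get(rec["context"], set())
    return {k: v for k, v in rec.items() if k not in hidden}

def filter_records(records, grants):
    """Apply visible_record to a batch, keeping only what this user may see."""
    return [v for v in (visible_record(r, grants) for r in records) if v is not None]

# Constructed sample recordings: two farms, several contexts, one tracked vehicle each.
SAMPLE_RECORDS = [
    {"farm": "F1", "context": "Inspection", "pest": "rust", "rating": 3},
    {"farm": "F1", "context": "Recommendation", "product": "Urea", "cost": 120},
    {"farm": "F2", "context": "Inspection", "pest": "grub", "rating": 1},
    {"farm": "F1", "context": "Harvest", "tonnes": 84},
    {"farm": "F1", "context": "Tracking", "vehicle": "V9", "km": 12},
    {"farm": "F1", "context": "Tracking", "vehicle": "V1", "km": 7},
]

# Constructed advisor: rights to farm F1 and three contexts, one vehicle, with the
# "cost" field of recommendations hidden.
ADVISOR = Grants(
    farms={"F1"},
    contexts={"Inspection", "Recommendation", "Tracking"},
    vehicles={"V1"},
    hidden_fields={"Recommendation": {"cost"}},
)

if __name__ == "__main__":
    for r in filter_records(SAMPLE_RECORDS, ADVISOR):
        print(r)
```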
A typical configuration is shown in Appendix 1 – Agtrix Typical Data Permissions for an Agricultural Industry.
Data Storage Infrastructure
Agtrix servers are hosted at a Tier 3+ Data Centre in Brisbane. This Data Centre has redundant power sources and internet connectivity to ensure the maximum possible uptime. They guarantee 99.9% uptime.
The servers are configured in a HyperV cluster with 2 active hosts, connected to a dual redundant RAID array. This means that there are 2 physical computers (HyperV hosts) on which the client machines run. The disks for both machines are shared, and there is redundancy in that disk array to prevent data loss if a disk fails.
The advantage of this configuration is that in the event of a server hardware failure, the client OSs can be migrated between hosts with no data loss, and will automatically continue operating on the other host.
The operation of all servers and web sites is monitored by an external third party, and our support staff are notified by SMS and email should there be any system or web failures.
The client databases have a full backup taken daily at 6pm to a separate server in a different location within the Data Centre. Full daily backups are kept for 7 days (all 7 days are kept), and weekly backups are kept for 10 weeks on site. Backups are transferred monthly to an offsite location.
Further technical details are given in Agtrix Data Storage Infrastructure – Technical Overview.