Our Agreements

IT/OT Chain & Cloud Australia Pty Ltd Agreements:

  1.   IT/OT Chain & Cloud Australia Pty Ltd ensures our Policies and Procedures conform to the Australian Federal Government’s 13 Principles of Information Privacy
  2.   100% Fault Intolerance for Databases: The Board of Directors of IT/OT Chain & Cloud Australia Pty Ltd ensures we receive, view and act upon daily Security Status Reports. We guarantee the consistency of our databases to the extent of what our systems can see and do (we refer to this as ‘External Consistency’). We also arrange for any Extraordinary Reports (produced many times daily, i.e. at every sixth Database Checkpointing Stage, that is, every 24 Block Committals), which are automatically produced in the format of an alarm message (if a breach is discovered/suspected) on the Elastos IRC chat system, to be securely distributed to our Directors and all Stakeholders. All companies affected by any security, fraud or theft breaches that we discover are automatically notified upon discovery, at the same time as the directors receive their reports, meaning all member companies will receive simultaneous notifications in the first instance of any breaches. Since database operators are aware of this, we consider it unlikely that such breaches will occur; however, we are aware of the need for constant vigilance.

    We call our system ChubbyChecker.

    It needs to be remembered that most types of fraud and theft breaches can only be revealed by Internal & External Auditing conducted by you, in your own company’s interests.
  3. DISCLAIMER:
    The sense in which the terms “Automated Trust”, 100% FID, etc are used here should be taken to indicate that Trust in the Owners and Operators of a Database System can be guaranteed, given that the initial Coding and Development process is Transparent to all Business Customers of the developers/SaaS (Software as a Service) providers. This is because the Business Customers (with sound Governance) actually Operate their own Member Class servers under leases from the SaaS providers. As operators, they are expected to look after their own IT interests, but they are not expected to need to Trust any Operators in the system of Database server nodes. The coded system enforces Trustworthiness in a strict way, and programmatically, amongst all operational parties. The old style of Trusting one or several Systems Administrators as Superusers with ultimate control can be over. There does, admittedly, still need to be an ultimate owner or Superuser at the root of the “tree”, however this role will be taken by individual Directors of ITOTCCA, and would only be enacted on the rare occasions of major alterations to the structure and functioning of the Database System. Almost all operations will be handled by the Database Administrators, sub-contracted under the auspices of each Member-Class consortium, with a minimum set of powers to achieve their duties effectively. It would obviously be against the interests of any Director of ITOTCCA, to participate in Fraud or Embezzlement. The culture at ITOTCCA is open, honest and transparent, but watchful.
    Nevertheless, the committing of a fraudulent act by a corps of over 33% of the Member Class “sites” in a Network, acting together, is possible. Such an act would be notified automatically to all stakeholders, including all Member companies of all Member “Classes”, immediately upon the next consistency check against the Elastos Blockchain, scheduled to occur at every 24 Block committals. The Blockchains will have been programmed to record traces continuously, forming an ultimately reliable audit trail, which can be compared against the databases by starting from the last clean block on the database and obtaining (effectively) a log of the Database Operations from that point forward, as referenced by the Elastos chain. If the lists of committed transactions (together with their Block Orderings and submission and execution histories) are not consistent, as determined by 29 checked factors, an Alarm is Broadcast to all Stakeholders, and the SaaS provider’s Contingency Plan is implemented immediately. The SaaS provider’s own Governance obviously requires a sound and complete Contingency Plan for such Breaches, extending to specifying Member Companies’ contractual duties to have and understand their own External Data Inconsistency Contingency Plan. It is also necessary to detect false positive indications before taking further action.
    In all cases of an Alarm being broadcast, a Root Cause Analysis is required, where the SaaS provider is the responsible party, in consultation with all affected Members.
    However, some Fraudulent acts committed by employees of Member companies, cannot be prevented by the SaaS provider, nor detected (in the absence of an Audit of the Company’s Accounts). That is, the responsibility for the majority of Trust situations with respect to Member company employees, falls to the employer, not the SaaS provider. This is because it is quite possible to present an appearance of externally consistent and Trustworthy transactions while indulging in Fraud or embezzlement. External Consistency is not the same as Internal Consistency. Internal Auditing and a sound Culture at the company can assist.
  4. Additionally, we do provide access to Elastic’s ELK Stack, in order to monitor user activity against suspicious and unwanted use of your systems, thus preventing “insider jobs”. The ELK Stack is included with all our systems. The contribution that we can also make here is by providing the immutable and non-repudiable (client-signed) Blockchain and Database logs and records. All transactions (and not just financial ones) are accompanied by the Digital signature of the client (person), or at least of a device owned and registered by them on the Elastos System.
    In summary we are guaranteeing “External Consistency”, ie external to Member companies, with an additional safeguard against insider data exfiltration and illegal infiltration by hackers.
  5.   There is increasing awareness of the challenges organisations face in the arena of Machine Identity Management. We would like you to consider the ways in which, with Elastos Carrier2 and the Elastos Distributed Id Blockchain, machine identities are automatically and securely allocated at registration of the device, and that all identities are recorded on an immutable DID Sidechain. When considered in concert with the security provided by the Elastos Carrier2 system, both the transmission and recording/storage of identities are made 100% secure.
  6.   IT/OT Chain & Cloud guarantees to provide Total Quality Assurance to each customer organisation. TQA (Total Quality Assurance) means problems and ideas for improvements will be taken seriously and acted upon in a timely and appropriate way as detailed in the section on Precedence and Criticality Requirements in the formal Service Level Agreement.
  7.   A comprehensive process of consultation about the business(es) forms the basis for lists detailing the variety of tasks the system must perform, the rules to be applied and the types of data required to be recorded and reported-on. Formally linked documents specify the detail and scope of each project
  8.   Accuracy and correctness of financial accounting systems will be completely verified by an independent expert before production deployment
  9.   Accuracy and correctness of organisational and functional business management will be verified in trials by experienced workers over a period before production deployment
  10.   Accuracy, functionality and correctness of auditors interface will be verified by an independent expert before production deployment
  11.   The necessary parts of your existing “legacy” data will be crossloaded to our system, after you have arranged for your own “data-cleansing”. All data is guaranteed to be retained indefinitely, or, for an agreed period on the database and reported accurately (IT/OT Chain & Cloud acts as custodian of data)
  12.   All data is copied and archived as a normal part of Blockchain and Enterprise Database operation and will continue to be accessible through the application provided by IT/OT Chain & Cloud Australia
  13.   For companies and networks opting for a public cloud based operation, at the present stage, ITOTCCA intends to situate our centralised cloud servers in Google Data Centres in Sydney and London, enabling node redundancies globally as well as shorter local internet response times. We are aware that for many companies the risks and costs associated with that type of arrangement are prohibitive. For these networks and companies we offer pure on-premises, or hybrid private/public clouds. It is often possible to form Consortia of participants, which enable internetworked private on-premises clouds, or simpler Kubernetes networks. With Elastos Carrier2 and some networking knowledge, much is possible. We offer to cooperate with the creation of a Canonical OpenStack On-Prem system, as our preferred and most economical provider. Be assured that security is not compromised, rather enhanced with Canonical, Elastos and ITOTCCA.
  14.   All forecasting reports (e.g. in OLAP modules and within Business Intelligence systems) are offered as guides in strategic planning, but it may not be taken that future values of any quantity are guaranteed in any way by any forecast or prediction and your Organisation always needs to be prudent in planning and risk analysis.
  15.   At IT/OT Chain & Cloud Australia Pty Ltd we continually monitor and improve our framework and processes for managing Risk and Safety to ISO31000:2018 Standard for Risk Management in Organisations. This includes ensuring the continuous provision of Safe Software Operation, Data Security, our Client’s rights to GOOD (Guaranteed Ownership Of Data), and continuous Business Services into the future. Additionally we are working towards ISO/IEC 27001 accreditation for our Information Security Management System (ISMS).
  16.   Guaranteed Ownership Of Data* means we will never use your data for our purposes or trade in your data or conclusions that could be drawn from such data, and that we will always act in your interests (within the law) with your data. By the nature of the Elastos Smart Web, GOOD* also means your data is safe, secure and totally private during transaction transmission, recording and reporting phases (See ‘Carrier 2’). Although we act as custodian, we are “hands off” your data, to the extent possible for proper functioning and compliance. All key client data is “client-side encrypted” in transmission and storage (with the exception of the few technical fields in your critical transaction records that we require for our own security system cross-checking. The latter fields do not contain private or sensitive information). Your/Our operators have neither READ nor WRITE access to your data. Unlike corporations such as Google and Microsoft, we are never going to seek to “analyse” your data, even if functional methods similar to the currently impractical “Homomorphic Client Side Encryption” become feasible. You should be aware that right now Google, Microsoft and others are researching methods to achieve the ability to legally analyse your data, in attempts to sidestep the requirements of Information Privacy legislation. Our belief in companies’ and people’s rights to GOOD* is just one reason we use Elastos, and aspire to the benefits of Web3 generally.
  17.   ITOTCCA’s Infrastructure Support provider is Canonical in cooperation with Enterprise DB. They are looking after our databases and servers 24/7, in the Cloud. On-premises Clouds will be staffed by appointments made by the Head Organisation in concert with their business partners. ITOTCCA reserves the right to operate a “Das_Fuhrwerk” schema and server in these Clouds for the handling of any critical transaction inconsistencies (Alarm States).
  18.   ITOTCCA supports the International Accounting Standard IFRS.
  19.   Finally, ITOTCCA fully supports the Australian Computer Society Code of Ethics. Our employment contracts and Job Descriptions carry the code as a binding set of conditions, wherein any uncertainty is referred to an appropriate senior level in our company &/or yours (if appropriate).
  20.   We offer World-Wide coverage. Our Application Tech Support Desk will be available Mon-Sat 9-8 Sydney Time/9-8 London Time (or Premium 24/7) for help in using your application, including assistance with report design and building.
