Last updated: June 2026

Security

Overview

ISKA is designed for courts that handle sensitive scheduling and roster information. Security is built into authentication, access control, and operational practices.

Access control

Access to ISKA requires authenticated user accounts. Permissions are scoped by organisation, module, and role. Administrative functions are restricted to authorised users.

Multi-factor authentication

ISKA supports time-based one-time password (TOTP) multi-factor authentication. Organisations can require MFA for all users; individual users may also enable it voluntarily.

When MFA is active, signing in requires a second factor in addition to the password, reducing the risk of unauthorised account access even if credentials are compromised.

Access audit logging

ISKA maintains a history of authentication and registration activity, including successful and failed attempts. Each record includes the time of the attempt, email address used, outcome, client IP address, and other technical context.

These logs support security monitoring, investigation of suspicious activity, and account lockout after repeated failed sign-in attempts. Audit records are retained for operational and security purposes.

Encryption

Data in transit is protected using TLS. Credentials are stored using industry-standard hashing. Sensitive configuration secrets are not exposed in client-side code.

Infrastructure

The service runs on managed infrastructure with network isolation, regular updates, and monitoring. Backups and recovery procedures support business continuity for customer deployments.

Security incidents

We maintain procedures to detect, respond to, and notify affected parties of personal data breaches where required by GDPR and customer agreements.

Shared responsibilities

Customer organisations are responsible for managing user access within their tenant, classifying data they enter, and using ISKA in line with their own policies. Report suspected security issues to feedback@aresplan.com.