Security

Physical Security

Our head office is monitored by CCTV and have 24-hour security present. They are equipped with alarm systems, fire suppression, and armed response. Centralised storage, where used, is within secured areas with access control restricted to named users.

Data Security

We have strict internal Bring Your Own Device policies, and devices owned by staff members are segregated when connecting to our networks.

Encryption

We believe in using strong encryption both at rest and in transit.

Data at rest in the forms of regular backups are encrypted at backup time prior to being transferred to longer term storage. Backups are encrypted using AES 256-bit encryption.

In transit encryption is achieved by Transport Layer Security (TLS), or where applicable, IPSec Tunnels.

Authentication and Passwords

Password complexity is configurable to your requirements, our standard password complexity is a minimum of 10 characters, including uppercase and lowercase letters, numeric, and special characters.

Access Control

Logical access to our servers for maintenance is strictly controlled internally. Any access is saved to audit logs, and privileged accounts are more strictly controlled than regular accounts.

Solutions hosted within our online platform are logically segregated, preventing cross-site scripting and privilege escalation between accounts and tenants.

From an application point of view, customers of ours are given full rights to manage their own access control within the system. As such, it is the responsibility of the customer to ensure that their access control to the system is managed according to good practice.

Our datacentres and hosting locations are outsourced to industry leaders, who maintain strict control and security of the environments. Security controls include physical access control, logical access control, and Intrusion Prevention systems.

Intrusion Prevention

Our head office is secured by alarm systems, 24/7 access control and CCTV systems. While we do not host your services at our administrative offices, we maintain strict control over who has access to our internal systems. All systems are access controlled and are inaccessible to non-employees or designated team members. Centralised storage is located within our secured cloud or within a secure server room with strict named access control.