Secure software development
We build and deliver secure software solutions applying OWASP security methodologies and best practices throughout the software development lifecycle (SDLC). Our teams undertake combinations of dynamic application security testing and manual penetration testing to identify and remedy potential security vulnerabilities in applications, products or enhancements. Rigorous security testing is performed on external-facing interfaces and APIs.
Security testing
We monitor external security vulnerability awareness sites. As part of the routine vulnerability management process, our security team evaluates exposure to these vulnerabilities and takes swift action as necessary.
Monitoring
We maintain vigilant security monitoring to prevent, detect and respond to vulnerabilities and security events. A range of security tools monitor environments, providing defence-in-depth and ensuring that security is monitored and managed at multiple tiers of the architecture.
Immutable logging
We adopt an immutable architecture for accurate logging and auditing in all system processes. Immutability provides tamper-resistant hardening of comprehensive Identity and Access Management policies and procedures.
Deployment segregation
Software deployed is segregated on a per-client basis in client-dedicated cloud projects and client-dedicated infrastructure, so there is no data co-mingling. Each deployment is designed to be fully independent and specifically configured for the client, their jurisdiction, and their compliance framework.
Data access
Databases and file storage are accessible only to internal services and an explicit whitelist of computers used for support and management. Access control levels are set explicitly for authorised management users. Any other attempt to access the data from different computers or users is blocked. Firewall rules are used by both the server and the database to reject connection attempts from IP addresses that have not been explicitly whitelisted.
Data in transmission
All connections to web applications and databases require transport-level encryption.
Data in storage
Customer data is stored in a database that employs transparent data encryption to help protect against the threat of malicious activity. This technology performs real-time encryption and decryption of the database, associated backups, and transaction log files at rest, which protects data and helps meet compliance requirements.
Data loss protection
Data is backed up at frequent intervals and distributed across multiple servers and data centres to prevent or minimise loss in disaster scenarios.
security@
The public is encouraged to report security vulnerabilities by emailing security@