Security statement
Overview
expertential is delivered as a Software as a Service (SAAS) licensing and subscription model. The expertential platform is physically located on dedicated servers. These servers are held in locked racks at our data centre provider, Datacom, in Melbourne, Australia. expertential has full operational control of the servers, is responsible for their provisioning, monitoring and management and for providing support to our subscribers.
Data Facilities
Access to expertential's data centres are limited to authorised personnel only. All personnel are subjected to identity verification measures when accessing the facility. Physical security measures include: on-premises security guards, closed circuit video monitoring, mantraps, and additional intrusion protection measures. Within the data centre, all equipment is stored in locked racks. The Datacom data centre is located in Melbourne, Australia.
Data Redundancy
The expertential platform has been designed and optimised by us specifically to host our applications with multiple levels of redundancy built in. The applications themselves run on a separate front-end hardware node from that on which the data is stored (database). Any hardware failure of the computer node is quickly recoverable. Application data is stored on a RAID 10 (mirrored and striped) storage node and is replicated to a secondary storage node.
Access To Information
The expertential support team maintains an account on all hosted systems and applications for the purposes of maintenance and support. This support team accesses hosted applications and data only for the purposes of monitoring system health, performing system or application maintenance, and upon customer request via our support system. Within expertential, only authorised employees have access to application data. Additionally, our servers only accept incoming SSH connections from expertential and internal data centre IP addresses.
expertential is designed so that application data is accessible only with appropriate credentials such that one customer cannot access another customers data without explicit knowledge of that other customer's login information. Customers are responsible for maintaining the security of their own login information and expertential recommends that all customers utilise a complex, individual password (that is at least 12 characters or longer; a mixture of upper and lowercase characters; a combination of alphabetic characters, numbers and symbols). We understand the value of your corporate data, this is why the expertential system is encrypted with 256 bit protection. This ensures that all your data is delivered to you in a secure manner.
expertential's systems are regularly tested to PCI DSS standards. The Payment Card Industry Data Security Standards (PCI DSS) are a set of requirements developed jointly by Visa, MasterCard, JCB International, Discover and American Express to prevent consumer data theft and reduce online fraud. The PCI DSS represents a multifaceted standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
Backups
Backups of expertential's data occur Near Continuously (Near CDP) and are retained for seven days. Additionally, the data is replicated to a second datacentre and retained there for four weeks. All backup data is encrypted.
Certification
To augment 3rd party application penetration testing like PCI DSS, expertential has selected data centre providers that maintain industry-standard certifications.
Datacom data centres comply with INFORMATION SECURITY MANAGEMENT SYSTEM – ISO/IEC 270001 as well as INFORMATION SECURTY MANAGEMENT SYSTEM – ISO/IEC 27001. These certifications address physical security, system availability, network and IP backbone access, customer provisioning and problem management.
Privacy
expertential understands the critical importance of ensuring the privacy of your personal identifiable information. For more information please see our Privacy Policy.