System Security

1. Overview

Contacts Plus uses firewalls and encryption to protect all data and our applications. Databases have built-in security that prevents unauthorised access. All transactions are logged by user and IP address. Our data is securely stored in a Tier 1 Data Centre with no single point of failure and with a fully scalable, world-class infrastructure. Contacts Plus complies with the Privacy Act in the management of personal information.

Our Corporate Security Program is comprehensive, proactive and designed to ensure that all information is secure whether you choose to do business with us through our website applications, XML web services or bureau.

Contacts Plus conforms to the highest industry-accepted security practices:

2. Internal processes

All Contacts Plus staff who have access to the systems or data sign a compliance certificate warning them of the consequences of any unauthorised use of our data or systems.

3. External processes

Contacts Plus will ensure that all companies sign the appropriate contracts for access to the data. These contracts will highlight the consequences of any misuse by the company and state that it is the responsibility of the company to ensure that its internal processes enforce the terms and use of the data.

4. Security Measures

The security of the data and our systems is of the utmost importance to Contacts Plus, and as such we have protected against misuse through a number of measures. They include:

  1. Data is only ever accessible through the applications provided.
  2. All companies wanting access to our systems are first vetted to ensure they are authorised to use the data provided by Contacts Plus.
  3. Before access to the systems is allowed, all organisations must sign access agreements and contracts. They are therefore bound by our Terms & Conditions of use and are fully aware of any civil or criminal penalties that apply for misuse of the data.
  4. All access to our products and services is logged, providing an auditable record of which users accessed what data and at what time.

Physical Security: The data is stored and held on site in a data centre for the duration of the job. The data centre has redundant power and data. The hardware is locked in our own rack.

System Security: The architecture of the application is n-tier.

Client data is stored inside a trust zone, which is behind a DMZ (i.e. the product is supported by best-practice application architecture). Access to the application is via a username and password that has industry-standard strength requirements.

Our products have passed third-party PCI DSS compliance tests.