Who has access to my data?
In short, and as security practitioners ourselves, we know that platform security is critical. SECTARA leads security assurance in this this class of SaaS application and has the following arrangements to preserve data confidentiality, integrity and assurance:
- SECTARA has been assessed as compliant with the Australian Government’s IRAP certification scheme. A direct comparison with the scheme lies in the fact that there are around three times as many controls for our platform than those documented under the ISO 27001 standard.
- Data that you create within SECTARA™ is encrypted at rest and in transit using TLS and AES.
- By design, only two System Administrators have access to SECTARA’s live data environment; both are Australian citizens and hold high-level Government security clearances.
- Policies restrict those System Administrators from accessing Sensitive Data (such fields simply show as “Restricted’ from the back end).
- Other than through customer use/access, there are no circumstances where assessment data leaves the production environment.
- All users are able to apply multi-factor authentication to their accounts.
In order to facilitate commercial activities, such as providing support to SECTARA™ subscribers, SECTARA™ administrators have strictly controlled access to other information (names, email addresses etc.)
Our SECTARA Website and Service Terms and Conditions define security arrangements more generally.