Wisenet Security Statement
Wisenet uses the Amazon Cloud Computing Platform ‘Amazon Web Services’ (AWS) to provide customers with secure, reliable and high-performance service. The AWS infrastructure includes facilities, network, and hardware as well as some operational software that supports the provisioning and use of these resources. This infrastructure is designed and managed according to security best practice as well as a variety of security compliance standards.
Physical and Environmental Security
Wisenet data centres are housed in unmarked facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff using video surveillance, intrusion detection systems and other electronic means. Authorised staff must pass two‐factor authentication a minimum of two times to access data centre floors.
Fire Detection and Suppression
Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system uses smoke detection sensors in all data centre environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet‐pipe, double‐interlocked pre‐action, or gaseous sprinkler systems.
The data centre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back‐up power in the event of an electrical failure for critical and essential loads in the facility. Data centres use generators to provide back‐up power for the entire facility.
Climate and Temperature
Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centres are conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems monitor and control temperature and humidity at appropriate levels.
Secure Network Architecture
Network devices, including firewall and other boundary devices, are in place to monitor and control communications at the external boundary of the network and at key internal boundaries within the network. These boundary devices employ rule sets, Access Control Lists (ACL), and configurations to restrict the flow of information to specific information system services.
Wisenet has designed its systems to tolerate system or hardware failures with minimal customer impact. Wisenet Infrastructure is located at two data centres. Data Centres are physically separated and located in lower risk flood plains. In addition to discrete Uninterruptible Power Supply (UPS) and onsite backup generation facilities, they are each fed via different grids from independent utilities to further reduce single points of failure. Data Centres are all redundantly connected to multiple tier‐1 transit providers.
Network Monitoring and Protection
Wisenet uses a wide variety of automated monitoring systems to ensure a high level of service performance and availability. Wisenet monitoring tools are designed to detect unusual or unauthorized activities and conditions. These tools monitor server and network usage, port scanning activities, and application usage. The tools have the ability to set custom performance metrics thresholds for unusual activity.
Systems within Wisenet are instrumented to monitor key operational metrics. Alarms are configured to automatically notify operations and management personnel when early warning thresholds are crossed on key operational metrics.
Wisenet maintains documents and processes to assist operations personnel in handling incidents or issues.
Each Wisenet application is accessed via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.
The Wisenet Production network is separated from the Wisenet Corporate network with a firewall. Access to Production systems is restricted to approved personnel only. Access and administration of logical security for Wisenet relies on user IDs, passwords and Kerberos to authenticate users to services, resources and devices as well as to authorize the appropriate level of access for the user. Wisenet Security has established a password policy with required configurations and expiration intervals.
During development all testing is performed on test servers and released to Production at the end of the development cycle.
Wisenet takes multiple data backups every day to ensure that your data is adequately stored and replicated. This is across a minimum of two separate data centres at any one time. A full data backup routine runs every night. Database transaction logs are backed up at 12:00pm, 3:00pm and 6:00pm daily. Backups are retained for 8 weeks. Wisenet operates an entirely disk-based backup system. Data backups to customer sites can also be arranged on request.
Security Threats
Wisenet maintains vigilant security of our network and systems to protect customer data.
If you believe you have found a security issue that is not resolved by the 10 Immutable Laws of Security, please send e-mail to us at firstname.lastname@example.org and we will respond within 24 hours.
A security vulnerability is defined as a flaw in a product that makes it infeasible – even when using the product properly – to prevent an attacker from usurping privileges on the user's system, regulating its operation, compromising data on it, or assuming ungranted trust.
Please provide us with as much of the below information as possible. This information will help us to better understand the nature and scope of the possible issue.
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug
- Service packs, security updates, or other updates for the product you have installed
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Conduct an evaluation of the possible impact
- Investigate how to reproduce the issue
- Rate the severity and the likelihood that it will be exploited
- Determine whether to resolve the issue with an immediate update, or address the issue in a future release
- Communicate to customers
If we determine that a security breach has compromised customer data, we will contact you directly in order to assist with reporting the breach to appropriate authorities. We will provide you with relevant log files and technical assistance to investigate such a breach.
User training and support is critical to the successful implementation of Wisenet. Wisenet employs 'Zoom' remote desktop sharing technology to establish screen sharing sessions with users (https://www.zoom.us). With the end-user’s permission, this technology allows our support team to see and control the user’s desktop. Zoom operates over HTTPS with Secure Socket Layer (SSL) encryption and AES 256-bit encryption. Zoom requires only a small Java applet to be downloaded into the browser’s secure area. There is no requirement for VPN or any other firewall modifications.
Ownership & Retention of Data
The data contained in Wisenet remains the property of the paid-up licensed subscriber at all times and a copy of the data is available on request.
On termination of the contract, a paid-up subscriber will receive their data in flat file csv format within 24 hours or next Business Day. Unless directed by the customer to remove all copies of data, backups of the data may remain in Wisenet archives as part of our standard retention policies.
Wisenet contracts with Amazon Web Services to store customer data. The terms of our agreement can be found at: http://aws.amazon.com/agreement/
In order to offer high availability of the Service to customers, Wisenet operates in at least two Amazon Data Centre Regions, including Australia and Singapore.
All AWS data centres meet the following security standards, which are substantially similar to the Office of the Australian Information Commissioner APP Guidelines, the New Zealand Privacy Principles and the Singapore Personal Data Protection Act:
- SOC 1/SSAE 16/ISAE 3402 (formerly SAS70)
- SOC 2
- SOC 3
- PCI DSS Level 1
- ISO 27001
For further information regarding the privacy legislation, please visit:
- Office of the Australian Information Commissioner
- New Zealand Privacy Commissioner
- Personal Data Protection Commission Singapore
Wisenet maintains a $5M Professional Indemnity Insurance Policy with Alliance Insurance.