Data Security
Introduction
Kaesim takes data security seriously. We are 100% committed to protecting your data, privacy and personal information.
Our methodology, and that of our partners, for maintaining data security and privacy protection is detailed below-
- Encryption
- Electronic signatures
- Online forms
- Secure transmission
- Secure storage
- Access control
- Incident management
- Employee security
- Physical security
- Business continuityt
1. Encryption
Your connection to Kaesim is secure and encrypted using SSL (Secure Sockets Layer). We use the highest commercially available form of encryption (AES-256bit). This is the same level of encryption used by leading banks and government agencies.
Your data is stored and encrypted using AES-256 bit encryption, both in transit and at-rest. Each file is encrypted with a unique key. This means that even if someone were able to bypass the physical security and access a hard drive, they still wouldn’t be able to decrypt your data.
2. Electronic signatures
We use the trusted services of Zoho Sign (www.zoho.com/sign/) for our legally binding electronic signature captures.
2.1 Physical security: Zoho Sign is hosted in a state-of-the-art SAS70 Type II, SSAE 16 facility that has achieved ISO 27001 certification. Physical access is strictly controlled by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors.
2.2 Audit trail: Zoho Sign creates a comprehensive transaction trail between signing parties. To provide you with a transaction history, they track and timestamp various information from the moment the document is submitted for signature to when it is completely signed and secured, such as IP address and UserAgent information.
To ensure any tampering of your transaction log is detectable, they process the transactions log with hashing technology. Should you ever need to rely on a transaction log, they are right by your side to assist you.
The Audit Trail that is appended to all executed Signature Requests includes an identifier that they can use to lookup the corresponding transaction log in their database. These records include a hash of the PDF document which they can compare to the hash of a questionable PDF document to determine whether or not it has been modified or tampered with.
2.3 Reliability: The system used to store Zoho Sign documents is designed to achieve ‘nine 9s’ of durability, with data automatically replicated in multiple data centers.
3. Online forms
At Kaesim, we’re concerned about your privacy and the security of your form data. Below are the measures we take to ensure that your data is safe –
• All Kaesim forms use SSL encryption and are always accessed over HTTPS 100% of the time for all users.
• Kaesim forms are hosted securely on the Zoho cloud platform, which is PCI (DSS) Level 1 and HIPAA compliant.
• The Kaesim forms architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use transitional databases and is not vulnerable to SQL injection attacks.
• All text data stored by Kaesim forms is sanitized to prevent JavaScript injection attacks, which someone might attempt to leverage by submitting JavaScript as entry data to maliciously access other entry data by compromising our customers browsers when managing entries.
• Sensitive data, such as Tax File Numbers and other personally identifiable information, is encrypted at rest (not only in transit). This means your data is still protected even if inadvertently emailed or otherwise transmitted in an insecure way.
We know there are evolving threats to data security, and we will continue to refine our processes to
ensure the safety of your data in Kaesim forms.
4. Secure transmission
When you load a page in your internet browser, or upload documents/information to Kaesim, all information is encrypted using 256-bit SSL encryption. This is the same level of encryption used by leading banks and government agencies.
In addition, our IT Department operates within key guidelines and processes tailored to the specific secure data transmission requirements of the financial services industry.
5. Secure storage
Your data is stored on servers that have strict access protocols. The facilities are controlled with 24/7 monitoring, and the technology is digitally protected –
- End point data protection.
- Workstation and solution encryption.
- Company backups encrypted.
- Complex password enforcement.
- Two-step password verification enforcement.
- LastPass for single sign-on.
We also operate 100% paperless where possible to further secure the storage of your data.
6. Access control
Data access is strictly controlled in all our operating environments –
- Computer terminals are locked after minutes of inactivity.
- Mobile storage devices are blocked.
- Access to data-sharing websites is blocked.
- Access to high risk websites is blocked.
- Email controls/restrictions in place.
- Computers log onto a network domain and users have unique accounts.
- Network shares are correctly controlled via Access Control Lists.
7. Incident management
To detect and respond should a data security incident occur –
- Our monitoring systems poll key services and devices every 60 seconds.
- In the event of a failure our 24/7 on call IT team is notified to address the issue in accordance with
the impact on our business.
8. Employee security
Employee and contractor controls assist ensuring the security of company and client data –
• Strict human resources screening policies ensure only suitable candidates employed/contracted.
• Induction processes incorporate our security guidelines.
• Clearly documented staff exit procedures protect our client’s personal and financial information.
• Every employee and contractor is security checked.
• We induct, train and retrain our staff and contractors.
• All employees and contractors are supervised.
• Appropriate employee and contractor work conditions are implemented.
9. Physical security
Environment security is controlled via the following procedures –
• Our building is manned by security guards on all entrance and exit points.
• Our office has bio-metric scanners for controlling and recording all staff movements.
• Our IT Department implement secure solutions for local workstations and servers.
• Our IT Department implement secure VPN’s and VLAN’s for client’s workstations.
• Workstations protected by market leading Antivirus & Firewalls and public facing devices are
regularly patched and updated.
• Workstations are scrutinised prior to deployment by a second staff member.
10. Business continuity
We maintain maximum operational uptime and data redundancy using these protections –
• We have multiple levels of redundancy in our internet connectivity and core hardware including
switches and firewalls.
• Disaster recovery and expansion options located in Melbourne and Sydney.