Security
Information Security Policy
Fortiro is committed to protecting your data and has implemented an end-to-end approach to data security and privacy that encompasses everything we do, including our business processes, our people and Protect.
Governed by best-practice information security policies and procedures, audited and certified for ISO 27001 by an independent auditor, we achieve compliance with confidence and security infrastructure that keeps your data safe.
Infrastructure
- Hosted on AWS in Sydney, Australia
- No data leaves Australia at any time
- Multiple availability zones for reliability
Data protection
- Automatic data purging and deletionEncryption in-transit (min TLS 1.2)
- Encryption at-rest (AWS-265)
- Encryption in-transit (min TLS 1.2)
Application protection
- Secure Development Lifecycle (SDL)
- Web Application Firewall (WAF)
- Distributed Denial of Service (DDoS) protection
- Daily vulnerability scanning
- Third-party penetration testing
Organisational security
- Mandatory security awareness training and education
- Employee background vetting
- Vendor risk management
- SIEM and incident response team
- Disaster Recovery & Business Continuity Plans
Secure access
- Single-Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Full audit logging
Compliance & Privacy
- ISO27001 certified (view certificate)
- Privacy Policy (view policy)
- Capable to support CPS234 compliant customers
- Strong, best-practice information security policies
Get a demo today
Get a demo of Fortiro’s income document verification platform to see how it can help you.