Information Security Policy

Fortiro is committed to protecting your data and has implemented an end-to-end approach to data security and privacy that encompasses everything we do, including our business processes, our people and Protect.

Governed by best-practice information security policies and procedures, audited and certified for ISO 27001 by an independent auditor, we achieve compliance with confidence and security infrastructure that keeps your data safe.


  • Hosted on AWS in Sydney, Australia
  • No data leaves Australia at any time
  • Multiple availability zones for reliability

Data protection

  • Automatic data purging and deletionEncryption in-transit (min TLS 1.2)
  • Encryption at-rest (AWS-265)
  • Encryption in-transit (min TLS 1.2)

Application protection

  • Secure Development Lifecycle (SDL)
  • Web Application Firewall (WAF)
  • Distributed Denial of Service (DDoS) protection
  • Daily vulnerability scanning
  • Third-party penetration testing

Organisational security

  • Mandatory security awareness training and education
  • Employee background vetting
  • Vendor risk management
  • SIEM and incident response team
  • Disaster Recovery & Business Continuity Plans

Secure access

  • Single-Sign-On (SSO)
  • Multi-Factor Authentication (MFA)
  • Full audit logging

Compliance & Privacy

  • ISO27001 certified (view certificate)
  • Privacy Policy (view policy)
  • Capable to support CPS234 compliant customers
  • Strong, best-practice information security policies

Get a demo today

Get a demo of Fortiro’s income document verification platform to see how it can help you.