Frequently Asked Questions

The following information is provided as a guide for our client’s data security requirements.
Additional detailed project specific information is provided during development and implementation.

General

Security Documentation

WMAD maintains documented policies and procedures including (but not limited to)

  • Information security policy
  • Physical security standard
  • Network security standard
  • Information classification standard
  • Asset registers
  • Incident management procedures
  • Business Continuity Plan
  • Application Development security standard
  • Log Management and Monitoring standard
  • Access Control Standards

Physical & Environmental Security

Yes we have dedicated servers where your site will be hosted in the High Security Data Center of AWS hosted in Australia.

Operational Security

We have daily malware security checks. Server network firewalls are also installed. A dedicated server team monitor server 24/7

We use 3 Tier architecture to built into this platform. All data i.e. Login, Registration, Shopping cart, Member Panel are encrypted. Each process is encrypted. The code is highly secure

All passwords are Encrypted

  • Use of both upper-case and lower-case letters (case sensitivity)
  • Inclusion of one or more numerical digits
  • Inclusion of special characters, such as @, #, $
  • Minimum 6 character required

All users have a unique identifier their own use so that activities can be traced to the Individual responsible user.

We do manage system/user activity. We have an inhouse system built to maintain these records. Each user has a dedicated desktop to work on the Rewards platform. All data is been stored in log files which also record all daily activity

Network Security

We are using the AWS Network – Sydney Data Centre and dedicated servers. All networks are restricted to only one user. Firewalls have been installed to protect the network

We have it installed on a dedicated AWS server. We have Multiple firewalls, Two-factor authentication software, ICAM software and three-factor authentication. We have a log management system with multiple alerts to provide complete defence.

Information Systems development & maintenance

All applications are reviewed and tested on each change before implementation into the live Environment.

Access is restricted to the minimum of users. All programs and systems have user restrictions. A daily auto back up and log files are maintained.

We have a test Environment where the Rewards Platform is tested before going live. This environment is restricted to the WMAD team only.

We perform Vulnerability Assessment and Penetration Testing (VAPT) on a regular schedule.

When an incident is reported or assigned to the IT Security team, the team performs a detailed 3. incident analysis and risk assessment. Incident Categories are Unauthorised Access, Denial of 4. Service, Malicious Code, Data Leakage, Improper Usage, Investigation. Each incident is given to 5. the Team to take resolve based on the priority of the incident.

We have a stand by team and our platform is tested and reviewed daily.

We have email notification and an SMS is sent to our team if any security breach has occurred outside of business hours. The team work 24/7 on the dedicated server so team handles the issue immediately if there is an attempt to breach data security.

Compliance

Infrastructure and IT related

No. As we don’t provide any access to any parties outside of WMAD. All code is secure and protected which is accessed through only our dedicated IP location.

Cloud Related

All data is hosted in Australia in the AWS Data Centre

There is no Control panels. Access is only through the dedicated IP address of the IT team. The server is scanned and protected by AWS security measures.

The system is hosted remotely accessed with only the one dedicated IP address of the IT Team.