Information Security & Compliance
Data Security
We have established an Information Security Management Framework helping us ensure you are confident with Smart Communications hosting your data as if it was stored locally within your own network. We have built security into our products to safeguard your most valuable asset, your data. This is accomplished by assessing risks and continually improving security by upholding the confidentiality, integrity, and availability triad of the service. We regularly review and update information security policies, carry out internal information security training, perform application and network security testing, monitor compliance with information security policies, and conduct internal and external risk assessments.
Encryption
Encryption serves as the last and strongest line of defense of our security strategy. Smart Communications uses encryption to safeguard your data and helps you maintain control over it. We use TLS with up to AES-256 encryption in transit. Data at rest is protected by using FIPS140-2 standards compliant encryption. Backups are encrypted up to AES-256.
Operational Management
We have in place policies and procedures designed to ensure that your data is secure and backed up to a separate physical location. Our teams are continually evaluating new security threats and implementing countermeasures designed to prevent unauthorised access or unplanned downtime of the service. Access to the SaaS environments are to authorised members of the Smart Communications team with multi factor authentication enabled.
Data Center Security & Redundancy
We work with top-tier data centre providers to ensure that we can deliver services to your organization confidently on a platform you can trust. Data centres provide the necessary means to operate 24 x 7 and protect data from physical damage and network issues.
Compliance
Smart Communications operates under strict compliance standards
PCI DSS
Smart Communications has achieved compliance with PCI-DSS for its SaaS co-location deployment.
PCI DSS (Payment Card Industry, Data Security Standard) is a set of comprehensive requirements for enhancing payment account data security established by international financial institutions. It was developed to support the broad adoption of consistent data security measures on a global basis.
SOC 1 and SOC 2
Smart Communications has completed SOC 1 and SOC2 Type II reports for its SaaS co-location and SaaS AWS deployments.
The American Institute of Certified Public Accountants (AICPA) has developed the Service Organization Controls (SOC) framework, a standard for controls that safeguard the confidentiality and privacy of information stored and processed in the cloud.
HIPAA
Smart Communications has obtained an independent third-party opinion on its compliance to HIPAA Security Criteria for its us SaaS co-location and AWS deployments.
Under the Health Information Portability and Accountability Act (HIPAA), certain information about a person’s health or health care services is classified as Protected Health Information (PHI). HIPAA applies controls in order to protect PHI.
ISO/IEC 27001:2013
Smart Communications has achieved ISO/IEC 27001:2013 certification for its for its SaaS co-location and SaaS AWS deployments.
ISO/IEC 27001 is specification for an Information Security Management System (ISMS), which is a framework for an organization's information risk management processes.
IRAP
Smart Communications has completed the Information Security Registered Assessors Program (IRAP) Assessment in Australia.
IRAP ensures cloud technology providers comply to the strict security protocols defined by the Australian Signals Directorate (ASD), which supervises signals intelligence, cyber warfare, and information security throughout the country. Smart Communications AWS APAC (Sydney) Region was IRAP assessed on 18th February 2021 against the PROTECTED classification.
FSQS
The Hellios Supplier Qualification System (FSQS) certification
Smart Communications is committed to responsible business practices that meet regulatory requirements and compliance standards. In order to demonstrate our commitment and credential in servicing the financial sector, we have become fully registered on the FSQS supplier qualification system.
VERACODE
Application Name: SmartCOMM
Veracode Verified Team builds on the security processes embedded in the development lifecycle from Verified Standard to include the following security gates:
• Assessment of open source components
• Documentation that the application does not include Very High or High flaws
• Documentation of a 60-day remediation deadline
• Identification of a Security Champion within the development team to ensure secure coding practices are used across the development lifecycle
• Provides training on secure coding best practices for the identified security champion