How do you keep my information secure?
Businesses view online security as a fundamental responsibility, this means they want assurance that the companies and systems they utilise are ahead of any threats. That in turn they are leading and winning the battle, and will continue to do so.
Online data is precious, it must be secure when it is stored and when it is transmitted, and it must be kept private.
Our clients can have confidence that SaferMe is proactive about maintaining and improving security on an ongoing basis.
SaferMe is committed to providing the highest quality security. We will continue to utilise and partner with companies that share our security philosophy. Our ongoing mission is to put ourselves, and our customers at the forefront of online security, ensuring that we win the arms race.
SaferMe takes security very seriously, we build security into everything we do, and we treat our clients data as a primary concern.
SaferMe Online Security
The processes that SaferMe undertakes are constantly evolving to best meet our clients, and our own, expectations.
We only allow access to all site data at senior management level, being our Chief Executive Officer, and our Head of Development. We have appropriate succession planning in place if either person is incapacitated.
At a lower level, access to critical systems is restricted to a bare minimum, and we retain the ability to restrict or revoke access at any time.
SaferMe follows industry best practice for building security into everything we do.
RFC 2196: SSL, X-Site forgery, salting passwords, management of security keys and infrastructure access, cold storage for especially critical keys. Code review, Integration testing, and quality assurance procedures.
Code review: No code is released into production without first being personally checked by our Head of Development.
Integrated testing: Any change that could cause a security vulnerability will cause code to be automatically rejected.
Quality assurance procedures: Professional SDLC - all code is tested twice and quality assured twice.
Automation: Automated notifications of any unusual behaviour, with 24-hour on-call response.
RFC 2196: Site Security Handbook.
We further increase our security through obscurity, our API is not published, and the visibility of SaferMe infrastructure is opaque.
We are also committed to minimal handling of secure systems, only very few people have ever had access, and this will continue.
Data security at rest and in flight
Online data is precious, it must be secure when it is stored and when it is transmitted. SaferMe secures data when it is stored, and utilises infrastructure platforms with proven track records that implement industry best practice for data at rest. No data is kept on client devices, a lost phone or device does not mean a lost business.
All transmitted data is encrypted to maintain security and privacy of data.
Third Party Infrastructure Capability
SaferMe is hosted on premium infrastructure utilised by the world’s preeminent companies. World leading infrastructure platforms; Heroku, and AWS (Amazon Web Services) undergo ongoing high-quality security management.
Customers include: Toyota, Westfield, Best Buy
SOC 1 and SOC 2/SSAE 3402 (Previously SAS 70 Type II)
PCI Level 1 (payment card)
Customers include: Amazon, Dow Jones, HTC, Adobe, Netflix, Pinterest
PCI Level 1 (payment card)
DSS (Data Security Standard)
Online data needs to be backed up both digitally and physically. Our business backs up data via online infrastructure, and our providers implement best practices and adhere to strict codes of compliance with their backup policies. This grants peace of mind for both our business, and our clients.
As with all areas of security, we are constantly reviewing our backup policies to make sure we are operating as a responsible business, and are ready and able to react if necessary.
SaferMe software has been designed in accordance with best practice to maintain privacy. We are focused on ensuring the data that we store meets required privacy regulations, and that we partner with companies that share this philosophy. We aim for data to be private both at rest and in flight.
The SaferMe team has broad experience in online security, our Head of Development has worked on many high risk projects where security is critical, in a recent project his work was regarded as ‘a commendable and laudable effort’ by Lateral Security, an independent security and intrusion testing company.
Our team is at the forefront of online security and have an ongoing commitment to being experts in secure environments. They are university trained, with years of experience, and have been responsible for the online security of some of New Zealand's most recognised companies. This also includes members of the board, ensuring security is understood throughout the organisation.
We also have security experience at the governance level of our business, with one director being the CEO of a successful and well respected Software Reliability company.
SaferMe will continue to grow our team, expanding our knowledge base, to best meet our clients needs.
SaferMe is proactive about security, and we will always have security goals to meet.
We are looking forward to our upcoming security achievements:
Compliance with GCSB guidelines and standards, allowing us to work with New Zealand Government departments, and increase our value to our commercial clients.
expanding our knowledge base, to best meet our clients needs.
SaferMe has significant experience working in secure environments, policies and procedures in place to maintain security, and our ongoing commitment to maintain security standards.>
We have engaged world leading infrastructure, and employed expert personnel, with a focus on keeping your data safe.