1. Organisational Security Awareness
We issue guidance and provide training to our business and technical staff on an ongoing basis to ensure the delivery of your service, the systems, data, premises, etc. remain secure. There are designated roles responsible for the implementation and continuous improvement of information security.
2. Security Clearances
General staff are security assessed as part of the on-boarding process and again if their role changes to a more security onerous area of the business. Minimum standard is a Police Clearance. Specific Support or Project Staff also have AGSVA Baseline Clearance or NV1 Clearance depending on their role.
3. Colocation Security
The RMT SaaS environment is wholly hosted on RMT-owned hardware in a colocation model in the NextDC environment. This takes full advantage of their industry-leading and continually evolving security processes and practices, compliance and certifications, physical and environmental security, security tools and utilities, etc.
4. Access Control and Privacy/Confidentiality
Your data remains your property. Client Data stored in RMT SaaS delivered products is treated as confidential. Access to the data and the RMT infrastructure is strictly limited to RMT staff on a role requirement basis to enable services to be provided to the client. Client Data held in these systems is never shared with third parties without the client’s consent.
5. Security Embedded in the SDLC
Security is built in to every stage of RMT software product development lifecycle, and the change control process for the software and infrastructure. This includes security testing of the infrastructure and the RMT applications.
6. Robust Encryption
Client Data is encrypted in transit and at rest. Web traffic is encrypted using SSL accepting TLS1.2 and TLS1.3, and non-web traffic with IPSec/SSH tunneling, with AES-256 is applied at rest.
Data is encrypted from the user’s browser through to our servers
Before being saved any password is encrypted (full encryption at rest)
Client databases are isolated from each other
RMT utilises cutting-edge security processes to encrypt data and decryption keys
7. Infrastructure Protection
Infrastructure security tools are deployed to provide anti-virus, anti-malware, IDS/IPS and other controls within the RMT infrastructure.
8. Automatic Failover
The RMT SaaS has multiple redundant components (at least N+1). In addition RMT’s uses a geographically separate NextDC data centre for Disaster Recovery, within an agreed Region, with multiple, redundant, hardware and services. RMT clients can have very high confidence in RMT’s SaaS availability.
9. Extensive Logging and Monitoring
RMT use a suite of tools to provide extensive logging and monitoring of traffic, activity, config changes, performance etc. in the RMT SaaS infrastructure, with logs being stored in a robust and tamper-protected format.
10. Incident Response
RMT have incident response processes covering data loss, technology attacks, compromise of physical security, etc.