Security

Information Security Management

Darzin Software follows an ISMS (Information Security Management system) as outlined in ISO27001.  All datacentres used globally have been certified to the ISO27001 standard.

The Darzin application architecture consists of the following key elements, regardless of location:

•  Secure ISO27001 certified datacentre
• Outer shared secure firewall
• Inner dedicated DMZ firewall
• Secure separation of Web/App and database secure zones, with access control lists
• Dedicated virtual machines, no shared applications
• Secure encrypted (SSL) Internet access to the Darzin application
• Backup
• Management and monitoring of all platforms.

High security data centres

Darzin servers are all certified to the ISO 27001 information security standard. The Sydney data centre is also certified as a “secure area” in accordance with the Commonwealth Protective Security Manual 2005, and conforms to the ASIO T4 Standard required for government application hosting.
These accreditations mean the data centre has processes and procedures to the satisfaction of ISO 27001 and ASIO T4 specifications to protect:
• Confidentiality of digital assets
• Integrity of digital assets
• Availability of digital assets

Our datacentre provides us with 99.99% proven uptime network guarantee.

Secure data transactions

The Darzin application uses SSL/TLS for secure communication:

• Darzin web traffic is secured using 256 bit SSL encryption (2048 bit certificates), a cryptographic protocol that is designed to protect against eavesdropping, tampering and message forgery. It provides the same level of protection offered by financial institution websites which makes it very unlikely that the content of website traffic can be monitored by an unauthorised party.
• (SSL 2.0 & 3.0 is disabled by default) TLS 1.2 encryption, certificates with 2048 bit keys

Privacy Legislation and Data Security

Darzin is compliant with the Privacy Legislation and Data Protection Act in terms of maintaining firewalls, secure storage of the data and SSL encryption, as well as not using any information in your database. Your users are in total control over the collection and use of contact information.

• In recognition of the privacy legislation, we also allow users to create ‘anonymous’ reports without identifying names or contact details of the stakeholders making the comments. In this way, your users are protected from inadvertently breaching the information privacy principles (section 14 of the Act).
• Your data always belongs to you and you have the right to have that data at any time you request.