Sophisticated security strategy
CreditLogic’s security strategy is based on a layered defence approach. It incorporates preventative, detective and reactive controls at the infrastructure, application and operational (people and process) layers.
This ensures the integrity, availability, and confidentiality of CreditLogic’s information assets and those of our customers is assured and maintained.
We adhere to the principles of security by design and default throughout the full service lifecycle from the software development lifecycle (SDLC) through service commissioning and operation.
Strict information security
User authentication is multi-factor, and includes user name, credential and a physical security key.
All customer-provided data stored in our environment is encrypted with AES-256.
Our cybersecurity solution partner specialises in vulnerability detection and intelligence technology to perform penetration testing and real-time continuous attack surface management.
Defence in depth
To make sure our customers are truly protected, we implement multi-layered defence at the technology layer. This includes but isn’t limited to:
- secure application design
- strong authentication and access control
- firewalls (stateful/Web Application Firewall)
- system hardening
- data loss prevention and reporting.
Our approach ensures there’s always a contingency control available if a primary control fails.
Information security management system (ISMS)
Our information security practices are based on the ISO 27001 (2013) framework. This defines our service requirements to a granular level.
To ensure we adhere to the highest standards of security and service management, CreditLogic has implemented ITIL-based service management. This means incidents, problems and changes are consistently managed.
Rock-solid design principles
Our environment implements security and privacy by design and default at all levels – infrastructure, application and service.
The system uses the inherent replication of the cloud environment as well as back-ups to ensure data integrity and recovery if there’s any disruption.
Actionable security intelligence
Our cloud implementation is designed to match industry-recognised security standards (CIS or Center for Internet Security) and ensures this is maintained automatically.
Pervasive monitoring and measurement
Our environment requires no hands-on management at your end.
Everything is software-defined, deployed and managed through industry-standard tools and the native monitoring capability of the cloud.
This dramatically reduces downtime and issues for customers.