The security strategy for Creditlogic is based on a layered defence approach incorporating preventative, detective and reactive controls at the infrastructure, application and operational (people and process) layers to ensure that the integrity, availability, and confidentiality of Creditlogic's and our customers' information assets are maintained.
We adhere to the principles of security by design and default throughout the full service lifecycle, from the Software Development Lifecycle (SDLC) through service commissioning and operation.
Defence in Depth
In delivering service to Creditlogic customers, we employ a “defence in depth” approach, implementing multi-layered defence at the technology layer, including but not limited to secure application design, strong authentication and access control, firewalls (stateful/Web Application Firewall), antimalware, system hardening, encryption, data loss prevention and reporting, to ensure that there is always a contingency control available in the event of the failure of a primary control.
- Access to mission-critical systems is strictly controlled and monitored. All user/application access to cloud services is managed using IAM users and IAM roles set for each of the accounts. User authentication includes a combination of 3 factors: user name, credential and a physical security key for multi-factor authentication.
- All customer-provided data stored in our environment is encrypted with AES-256 encryption.
- We partner with a class-leading cyber security solution provider, specialising in vulnerability detection and intelligence technology, to perform penetration testing and real-time continuous attack surface management.
Information Security Management System (ISMS)
Information security practices in Creditlogic are based on the ISO 27001 (2013) framework, and these define the requirements of our service to a granular level. In order to ensure adherence to the highest standards of security and service management, Creditlogic has implemented ITIL-based service management, which ensures incident, problem and change are consistently managed.
Our environment implements security and privacy by design and default at all levels – infrastructure, application and service.
The system utilises the inherent replication of the cloud environment as well as backups to ensure data integrity and recovery capabilities in the event of a disruption.
Actionable security intelligence
Our cloud implementation is designed to match industry-recognised security standards (CIS) and ensures this is maintained automatically.
Pervasive Monitoring and measurement
Our environment requires no hands-on management: everything is software-defined, and is deployed and managed via industry-standard tools and the native monitoring capability of the cloud – this dramatically reduces downtime and issues for customers.