Security

Our Body Corp is committed to maintaining the highest levels of data security available. Cloud-based technology is deployed to ensure the integrity and security of data, while also seeking to ensure that information held is only available to those with authorised access.

Through partnering with outside specialist providers, Our Body Corp can ensure that data is subjected to daily backup on an encrypted data server, protected by firewall technology.

All information that is submitted to Our Body Corp is protected both on and offline. Our web pages that request information use the Hypertext Transfer Protocol Secure (HTTPS) protocol, which allows data to be transferred in encrypted form using Secure Sockets Layer (SSL).

All data is stored and managed through Cloud hosting technology provided by Rackspace Hosting Australia Pty Ltd. Rackspace has earned high levels of certification required to operate Cloud-based data management systems.

 

Rackspace Data Centre Security

Physical Security

Physical Security includes locking down and logging all physical access to our data centre.

  • Data centre access is limited to only authorised personnel
  • Badges and biometric scanning for controlled data centre access
  • Security camera monitoring at all data centre locations
  • Access and video surveillance log retention
  • 24×7 onsite staff provides additional protection against unauthorised entry
  • Unmarked facilities to help maintain low profile
  • Physical security audited by independent firms annually

 

Operations Security

Operational Security involves creating business processes and policies that follow security best practices to limit access to confidential information and maintain tight security over time.

  • ISO 27001/2 based policies, reviewed at least annually
  • Documented infrastructure change management procedures
  • Secure document and media destruction
  • Incident management function
  • Business continuity plan focused on availability of infrastructure
  • Independent reviews performed by third parties
  • Continuous monitoring and improvement of security programme

 

Network Infrastructure

Network Infrastructure provides the availability guarantees backed by aggressive SLAs.

  • High-performance bandwidth provided by multiple network providers
  • Elimination of single points of failure throughout shared network infrastructure
  • Cables properly trunked and secured
  • Proactive network management methodology monitors network route efficiency
  • Real-time topology and configuration improvements to adjust for anomalies
  • Network uptime backed by Service Level Agreements
  • Network management performed by only authorised personnel

 

Environmental Controls

Environmental Controls are implemented to help mitigate the risk of service interruption caused by fires, floods and other forms of natural disasters.

  • Dual power paths into facilities
  • Uninterruptible power supplies (minimum N+1)
  • Diesel generators (minimum N+1)
  • Service agreements with fuel suppliers in place
  • HVAC (minimum N+1)
  • Smoke detectors
  • Flood detection
  • Continuous facility monitoring

 

Human Resources

Human Resources provides Rackspace employees with an education curriculum to help ensure that they understand their roles and responsibilities related to information security.

  • Reference checks taken for employees with access to customer accounts
  • Employees are required to sign non-disclosure and confidentiality agreements
  • Employees undergo mandatory security awareness training upon employment and annually thereafter

 

Security Organisation

Security Organisation includes establishing a global security services team tasked with managing operational risk, by executing an information management framework based on the ISO 27001 standard.

  • Security management responsibilities assigned to Global Security Services
  • Chief Security Officer oversight of Security Operations and Governance, Risk, and Compliance activities
  • Direct involvement with Incident Management, Change Management, and Business Continuity


For more information on Rackspace technologies, visit their website.

Pin Payments Security

Our Body Corp offers users two methods of paying the proprietors for use of the Our Body Corp program: credit card transaction, or electronic funds transfer between financial institutions. Our Body Corp uses the payments provider Pin Payments to process credit card transactions. Below is a Security Statement issued by Pin Payments.

Pin Payments takes several steps to prevent unauthorised disclosure or modification of sensitive information.

 

PCI Compliance

Our software, systems and procedures have been assessed and certified to PCI Data Security Standards.

 

Security Audits

Pin Payments’ Product and website are subject to periodic manual and automated security audits. Audits are conducted internally as well as by third parties.

 

Sensitive Information Storage

Credit card information is encrypted and stored in a system completely isolated from Pin Payments. At no time is unencrypted card data stored on disk either inside Pin Payments’ system or in the card storage system. Internally card information is referenced only through the use of a token. The token is not derived from card information in any way.

 

SSL

All requests to our website and API are forced to use HTTPS to ensure encrypted communications.

 

PinJS

Pin.js is a small JavaScript library which you can use to dramatically reduce the scope of your PCI compliance obligations. Using Pin.js allows a website to accept payments without ever handling credit card data.

 

For further information regarding Security, Privacy and Our Body Corp Terms & Conditions go to www.ourbodycorp.com.au.