Through partnering with outside specialist providers, Our Body Corp can ensure that data is subjected to daily backup on an encrypted data server, protected by firewall technology.
All information that is submitted to Our Body Corp is protected both on and offline. Our web pages that request information use the Hypertext Transport Protocol Security (HTTPS) protocol, which allows data to be transferred in an encrypted form known as Secure Sockets Layer (SSL).
All data is stored and managed through Cloud hosting technology provided by Rackspace Hosting Australia Pty Ltd. Rackspace has earned high levels of certification required to operate Cloud-based data management systems.
Rackspace Data Centre Security
Physical Security includes locking down and logging all physical access to our data centre.
- Data centre access is limited to only authorised personnel
- Badges and biometric scanning for controlled data centre access
- Security camera monitoring at all data centre locations
- Access and video surveillance log retention
- 24×7 onsite staff provides additional protection against unauthorised entry
- Unmarked facilities to help maintain low profile
- Physical security audited by independent firms annually
Operational Security involves creating business processes and policies that follow security best practices to limit access to confidential information and maintain tight security over time.
- ISO 27001/2 based policies, reviewed at least annually
- Documented infrastructure change management procedures
- Secure document and media destruction
- Incident management function
- Business continuity plan focused on availability of infrastructure
- Independent reviews performed by third parties
- Continuous monitoring and improvement of security programme
Network Infrastructure provides the availability guarantees backed by aggressive SLAs.
- High-performance bandwidth provided by multiple network providers
- Elimination of single points of failure throughout shared network infrastructure
- Cables properly trunked and secured
- Proactive network management methodology monitors network route efficiency
- Real-time topology and configuration improvements to adjust for anomalies
- Network uptime backed by Service Level Agreements
- Network management performed by only authorised personnel
Environmental Controls implemented to help mitigate against the risk of service interruption caused by fires, floods and other forms of natural disasters.
- Dual power paths into facilities
- Uninterruptable power supplies (minimum N+1)
- Diesel generators (minimum N+1)
- Service agreements with fuel suppliers in place
- HVAC (minimum N+1)
- Smoke detectors
- Flood detection
- Continuous facility monitoring
Human Resources provides Rackspace employees with an education curriculum to help ensure that they understand their roles and responsibilities related to information security.
- Reference checks taken for employees with access to customer accounts
- Employees are required to sign non-disclosure and confidentiality agreements
- Employees undergo mandatory security awareness training upon employment and annually thereafter
Security Organisation includes establishing a global security services team tasked with managing operational risk, by executing an information management framework based on the ISO 27001 standard.
- Security management responsibilities assigned to Global Security Services
- Chief Security Officer oversight of Security Operations and Governance, Risk, and Compliance activities
- Direct involvement with Incident Management, Change Management, and Business Continuity
For more information on Rackspace technologies, visit their website.
Pin Payments Security
Our Body Corp offers two methods of payment by the user to the proprietors for the use of the Our Body Corp program: Credit Card transaction, or Electronic Funds Transfer between financial institutions. Our Body Corp uses the payments provider Pin Payments to process Credit Card transactions. Below is a Security Statement issued by Pin Payments.
Pin Payments takes several steps to prevent unauthorised disclosure or modification of sensitive information.
Our software, systems and procedures have been assessed and certified to PCI Data Security Standards.
Pin Payments’ Product and website are subject to periodic manual and automated security audits. Audits are conducted internally as well as by third parties.
Sensitive Information Storage
Credit card information is encrypted and stored in a system completely isolated from Pin Payments. At no time is unencrypted card data stored on disk either inside Pin Payments’ system or in the card storage system. Internally card information is referenced only through the use of a token. The token is not derived from card information in any way.
All requests to our website and API are forced to use HTTPS to ensure encrypted communications.