RedEye Security Centre

Information security is a priority at RedEye, as owners and operators of critical infrastructure store, search, and manage their engineering operations and maintenance data in RedEye solutions. As our customer base grows and the amount of stored data increases, we ensure our systems and our clients’ data are suitably protected.

To ensure that clients are confident their data is protected, RedEye has implemented an Information Security Management System (ISMS) that meets the requirements of AS/NZS ISO/IEC 27002:2013(E) and protects customer and business information from a range of threats.

RedEye is committed to periodically reviewing and improving its ISMS to ensure its controls are commensurate with the value and business significance of the information stored.

This policy applies to all business operations, equipment, processes, and products developed by RedEye.

The objective of RedEye’s ISMS is to:

  • Secure all RedEye and client assets against theft, fraud, malicious or accidental damage, or a breach of privacy or confidentiality
  • Deliver a reliable cloud service to demonstrate that the platform is fit for purpose to work with sensitive information
  • Ensure software is built and maintained in a secure manner throughout the software development lifecycle
  • Minimise the security risks RedEye faces to reduce exposure to all internal and external threats
  • Treat and resolve security incidents and suspected vulnerabilities in a timely manner in accordance with their respective nature
  • Ensure the organisation is prepared for possible disaster and threat scenarios

A certification audit is scheduled for April 2020 with SAI Global.

RedEye performs ongoing self-assessments of its platform against the Cloud Security Alliance Consensus Assessment Initiative Questionnaire (CAIQ). A copy of RedEye’s current CAIQ can be requested from your Customer Success Manager.

Data Protection Controls

GDPR

RedEye complies with the European General Data Protection Regulation (GDPR).

Data Sovereignty and Backups

Maintaining control over where data is located for both production and backups is critical for RedEye clients.

RedEye uses the AWS S3 service to store clients’ file data, which is hosted in an AWS region agreed to by the client. To provide protection against failures in AWS S3, files are backed up into Azure in a data centre in the same country but in a different location.

The frequency at which backups are performed depends on the SLAs agreed upon by the client.

In addition to off-site backups, RedEye uses the S3 Versioning feature, which keeps versions of all files so that any malicious or accidental deletion or modification of files can be reverted. All data stored in AWS and Azure is encrypted at rest.

Disaster Recovery

In order for RedEye to maintain its agreed SLAs, Disaster Recovery Rehearsals are performed by the Operations Team on a monthly basis to ensure that all automation scripts are functional and procedures work in the event of a disaster.

Security by Design

Creating a stable, reliable, and secure platform depends on how well the underlying infrastructure is designed, built, and maintained. In order to scale and recover from disasters, RedEye’s cloud infrastructure is built from the ground up using automated configuration and deployment.

Built upon Apache Mesos, all application services are deployed using containers, providing a resilient and scalable foundation for our solutions and a very high level of availability for critical systems.

To keep systems secure, all infrastructure is privately addressed. Systems are accessible only through AWS Application Load Balancers, which are protected with WAF rules and AWS Shield and only permit TLS 1.2 encryption.

Host Intrusion Detection Software is deployed across all servers to ensure Operations detect any malicious access attempts.

Application Security

Every six months, RedEye engages a third-party security vendor to perform independent penetration and vulnerability testing across all applications. Developers receive regular training to keep current with the OWASP Top 10 Project and all applications are scanned for vulnerable third-party libraries and code issues to ensure all applications remain secure.