Security is a core element of essCert, developed through years of methodical testing and industry input. Key security features include:
- Multi-tiered application environment, providing isolated tiers for web, application and data protected by dedicated firewalls and network isolation
- Enterprise-wide risk management strategy at data centres, including anti-virus, managed firewalls, secure VPN, and network- and host-based intrusion detection
- Hardened operating system and system components
- HTTPS Transport Layer Security (TLS) 1.3/1.2 encryption to the client
- Data encryption in transit and at rest
- Digital certificates
- Redundant, geographically disparate data centres for disaster recovery
- Blockchain / DLT to ensure auditability and immutability
- Optional 2FA using TOTP to strengthen access controls
- SAML single sign-on to ease and secure access, and to align with corporate-wide security policies
- Annual third-party security audits
- In excess of 99.9% uptime

essDOCS data centres are ISO 27001 & ISO 27002 certified. Each of these certifications is outlined below:
- ISO/IEC 27001: formally specifies a management system that is intended to bring information security under explicit management control. ISO/IEC 27001 requires that management: (i) systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts; (ii) design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and (iii) adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
- ISO/IEC 27002: provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems.