Skip to main content

Security is a core element of essCert, developed through years of methodical testing and industry input. Key security features include:

  • Multi-tiered application environment, providing isolated tiers for web, application and data protected by dedicated firewalls and network isolation
  • Enterprise wide risk management strategy at data centres including anti-virus, managed firewalls, secure VPN, network and host based intrusion detection
  • Hardened operating system and system components
  • HTTPS Transport Layer Security (TLS) 1.3/1.2 encryption to the client
  • Data encryption in transit and at rest
  • Digital certificates
  • Redundant, geographically disparate data centres for disaster recovery
  • Blockchain / DLT to ensure auditability and immutability  
  • Optional 2FA using TOTP to strengthen access controls
  • SAML single-sign-on to ease & secure access, and align with corporate-wide security policies
  • Annual third-party security audits
  • In excess of 99.9% uptime

Certifications

ISO


essDOCS data centers are ISO 27001 & ISO 27002 certified. An overview of each of these certifications is outlined below:

  • ISO/IEC 27001: formally specifies a management system that is intended to bring information security under explicit management control. ISO/IEC 27001 requires that management: (i) systematically examine the organization’s information security risks, taking account of the threats, vulnerabilities and impacts; (ii) design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and (iii) adopt an overarching management process to ensure that the information security controls continue to meet the organization’s information security needs on an ongoing basis.
  • ISO/IEC 27002: provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining Information Security Management Systems.