Built on trust
Security at Unmand
At Unmand, security has been a foundational focus from day one. We are continually working on new ways to ensure all data transmitted or stored is handled securely. Here are some of the ways we keep you and your data safe.
Product Security
Encryption
Unmand encrypts all databases at rest with AES-256 encryption. Additional column level encryption is undertaken on sensitive customer data for an added layer of protection.
Session management
The location and IP address of each session are recorded, and you can revoke any sessions you don't recognise. Administrators can review all active sessions in the Unmand portal.
IP restrictions
Protect your projects against unauthorized use by restricting access to a set of trusted IP addresses using an IP allowlist. You can define one easy-to-maintain allowlist for the entire organisation.
Secure connections
Unmand forces HTTPS for all services using TLS 1.2 (SSL), including our public website and the customer portal. Unmand uses HSTS to ensure that all communications between your browser and Unmand are encrypted.
Access and account controls
Access to data within Unmand's portal is governed by role and project-based controls and can be configured to define granular access privileges. There are permission levels for read, write and administrator.
Password and sensitive data
Unmand employs a strong password policy based on algorithmic complexity. This is a more secure, flexible, and usable alternative to a password composition policy. Any sensitive information is stored as a one-way cryptographic hash using enterprise-grade ciphers.
Two factor authentication
To provide a second layer of security to protect access to your Unmand account, we support the Time-based One-time Password (TOTP) approach, which requires you to use a compatible smartphone app such as Google Authenticator, Authy or 1Password.
Audit and logging
We maintain comprehensive logs of all activities and actions for each product. These logs can be used for your audit purposes or internally at Unmand for troubleshooting and support requests.
Physical Security
Infrastructure
Unmand's physical infrastructure is hosted and managed within Amazon's secure data centers and utilizes Amazon Web Services (AWS) technology. All our production systems are physically located in Australia or the USA. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
- ISO 27001
- SOC 2
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
- and more
On-site premises
Access to Unmand's offices is restricted to authorised personnel. Unmand deploys several security features such as individualised swipe card access, security video feeds, intrusion detection technology, and other security measures.
Data Security
Data Ownership
Your data 100% belongs to you. Unmand does not sell your data to third-party providers. Unmand has a published privacy policy that clearly defines what data is collected and how it is used. We will never sell or transfer your data to a third party without your consent. For additional information see: https://unmand.com/privacy
Data Retention
You can control the retention period for your data directly in the Unmand portal. This can be set from no data retention to up to 90 days.
Data Backups
Daily snapshots are retained for 30 days to support point-in-time recovery and are encrypted using AES-256 encryption. Backups are replicated to multiple data centres within a particular region.
General Data Protection Regulation
Unmand is committed to compliance with GDPR and has implemented a wide range of technical and organisational measures. This includes the ability for customers to delete information and data uploaded to any of Unmand's products.
Personnel Security
Background Checks and Access
Each team member has an extensive background check and undergoes comprehensive training on data security protocols. Only a limited number of staff members can access customer data.
Confidentiality Agreements
All employees are bound by non-disclosure and confidentiality agreements.
Continuous Education Campaign
Unmand provides staff with continuous communication on emerging threats, performs phishing awareness campaigns, and communicates with staff regularly.
Security Champion Program
Unmand nominates a security lead within every one of our product and service teams. Champions are provided with dedicated training to help them understand and identify application security vulnerabilities and leading secure development practices.
Quality Controls
Peer Code Reviews
Every code release is reviewed by peers, whether it's a new feature or bug fix. Security reviews are performed as part of our software development sprint management, and software dependencies are automatically scanned for vulnerabilities and security updates.
Continuous integration and delivery
Every code release is automatically subjected to a pipeline of rigorous tests and analysis before it is deployed. Our continuous deployment system and development process allow us to rapidly update and patch our system whenever needed.
Payment Security
Payment provider
Unmand uses Stripe for processing credit card payments. Stripe is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Credit cards
Unmand does not store your credit card information. Credit card information is handled by Stripe with all card numbers encrypted at rest using AES-256. Decryption keys are stored on separate machines.