Unmand encrypts all databases at rest with AES-256 encryption. Additional column-level encryption is applied to sensitive customer data for an added layer of protection.
The location and IP address of each session is recorded, and you can revoke any sessions you don't recognise. Administrators can review all active sessions in the Unmand portal.
Protect your projects against unauthorized use by restricting access to a set of trusted IP addresses using an IP allowlist. You can define one easy-to-maintain allowlist for the entire organisation.
Unmand forces HTTPS for all services using TLS 1.2 (SSL), including our public website and the customer portal. Unmand uses HSTS to ensure that all communications between your browser and Unmand are encrypted.
Access and account controls
Access to data within Unmand’s portal is governed by role and project-based controls and can be configured to define granular access privileges. There are permission levels for read, write and administrator.
Password and sensitive data
Unmand employs a strong password policy based on algorithmic complexity. This is a more secure, flexible, and usable alternative to a password composition policy. Any sensitive information is stored as a one-way cryptographic hash using enterprise-grade ciphers.
Two-factor authentication
As a second layer of security to protect access to your Unmand account, we support the Time-based One-time Password (TOTP) approach, which requires you to use a compatible smartphone app such as Google Authenticator, Authy or 1Password.
Audit and logging
We maintain comprehensive logs of all activities and actions for each product. These logs can be used for your audit purposes or internally at Unmand for troubleshooting and support requests.
Unmand's physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. All our production systems are physically located in Australia or the USA. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
Access to Unmand’s offices is restricted to authorised personnel. Unmand deploys several security features such as individualised swipe card access, security video feeds, intrusion detection technology, and other security measures.
You can control the retention period for your data directly in the Unmand portal. This can be set from no data retention up to 90 days.
Daily snapshots are retained for 30 days to support point-in-time recovery and are encrypted using AES-256 encryption. Backups are replicated to multiple data centres within a particular region.
General Data Protection Regulation
Unmand is committed to compliance with GDPR and has implemented a wide range of technical and organisational measures. This includes the ability for customers to delete information and data uploaded to any of Unmand's products.
Background Checks and Access
Each team member has an extensive background check and undergoes comprehensive training on data security protocols. Only a limited number of staff members can access customer data.
All employees are bound by non-disclosure and confidentiality agreements.
Continuous Education Campaign
Unmand provides staff with continuous communication on emerging threats, performs phishing awareness campaigns, and communicates with staff regularly.
Security Champion Program
Unmand nominates a security lead within every one of our product and service teams. Champions are provided with dedicated training to help them understand and identify application security vulnerabilities and leading secure development practices.
Peer Code Reviews
Every code release is reviewed by peers, whether it’s a new feature or bug fix. Security reviews are performed as part of our software development sprint management, and software dependencies are automatically scanned for vulnerabilities and security updates.
Continuous integration and delivery
Every code release is automatically subjected to a pipeline of rigorous tests and analysis before it is deployed. Our continuous deployment system and development process allow us to rapidly update and patch our system whenever needed.
Unmand uses Stripe for processing credit card payments. Stripe is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Unmand does not store your credit card information. Credit card information is handled by Stripe with all card numbers encrypted at rest using AES-256. Decryption keys are stored on separate machines.