Polonious has a world-leading approach to keeping your data safe.
Polonious has implemented a multi-layer approach to information security and we have more options available for extra levels of defence for particular customer requirements.
- SSL Encryption. All data transmission between Polonious and your Web browser is encrypted (up to 256-bit if required).
- Strong password rules. Polonious enforces complex password rules, including lockout, password expiration, password repetition and password history to increase security of user accounts. All passwords are encrypted and the rules can be easily configured to meet your requirements.
- Configurable network options. Polonious can be configured so the customer instance only accepts connections from particular IP addresses.
- OpenNMS Monitoring. Polonious is monitored to report system health, potential problems and suspicious activity. All exceptions are reported back to the support team for immediate action.
- Virtual environments. All instances are separated in a virtual environment. This isolates the data for each customer and improves isolation security.
- Security patches. Many attacks occur if the software exposed to the Internet is not ‘patched’ regularly for security issues. Polonious has a procedure to ensure patching happens daily.
- Off-site backups. All customer data is backed up, encrypted and sent off-site to a server remote from the main server pool. Backups are verified and we can restore a customer to the end of previous day operations should the need arise.
- Malware protection. Polonious application servers run the Linux operating system. There are no known viruses or spyware that affect this environment due to the way the operating system has been designed.
- Trusted staff. Background checks are conducted on all staff, all of whom sign an agreement with Polonious. Any compromise to customer privacy will result in legal action and dismissal.
- Trusted hardware. All Polonious servers are custom built to specification by a trusted supplier. There is no compromise in the quality or security of our servers and we do not use third-party bulk hosting of cheap cloud solutions, which means your data is stored in a known controlled environment in an appropriate jurisdiction.
- Jurisdiction control. With our owned hardware, we can control where your data is physically located. You can be assured that if there was ever an issue, it could be addressed in an appropriate legal manner. For example, US customers are hosted on servers located in Washington, Virginia and Washington D.C. Australian and New Zealand customer data is hosted among several server locations in NSW, Australia.
- Physical security. All hosting locations have the highest standards of physical security and access is only available to approved personnel. Security measures include constant surveillance and biometric access control.
- Auditing and testing. Polonious customers can independently engage security experts to conduct penetration tests to the level of bank-grade security.
- DIACAP approved. The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the United States Department of Defense (DoD) process to ensure that risk management is applied to information systems.
- HIPAA compliant. Polonious has several compensation and health insurance clients and is regularly reviewed in relation to HIPAA compliance.
- Industry certified. Polonious has achieved numerous information security certifications, including CompTIA Security TRUSTMARK.