This is the second information security bulletin, this time focusing on application development and data security. We provide these so you can gather all the relevant facts about how we manage and deliver appropriate site security for your use.
In our last bulletin we highlighted the reasons for introducing two-factor authentication. This bulletin is about relevant development and site security standards that are employed to ensure the web application and data security are meeting required recognised standards.
Quotemonster uses Open Web Application Security Project (OWASP) procedures to help us shape the types of testing, validation, and code review that are performed during the development lifecycle.
The service is hosted by Azure cloud servers. Data entered by you and generated by the service is stored in these servers, which are located in Australia. We have assessed Australia as having equivalent standards for data protection to those that apply here in New Zealand. No data that is received from New Zealand is being transmitted or stored in UK, EU, or US. Our Microsoft Azure data centre locations are in two different places in Australia to provide further resilience in case of natural disasters. No data is stored outside of New Zealand and Australia.
Microsoft provides the data centre’s audit reports and certifications to us. For Azure, Microsoft Dynamics 365 and other online services – Public & Government – we hold a copy of SOC 2 Type II + C5 + CSA Star Report.
There are additional site security standards that you will have an opportunity to read about in the coming weeks as we aim to fill up your compliance file on our site security.
Remember that we are about to implement 2FA on the site, so please allow a little more time in the next couple of weeks to familiarise yourself with the process as it gets rolled out across all our users.
You will not be able to share a login between different advisers once 2FA has been implemented. If you would like to talk to us about licence terms or obtaining additional licenses please call or contact us.
Want to know more?
We are here to help! You can email us to ask for copies of past security bulletins. You can also look up our outsourced provider statement at the bottom right-hand corner of every page on the site at www.quotemonster.co.nz. More information about relevant certifications, policies, and procedures will be shared in future information security bulletins. We recommend you keep these with other compliance documents.
Please contact us on 09 480 6071 or at [email protected] if you have any concerns or questions.
ISB 02-202211
