PROUD SPONSORS OF LAWFEST 2019

PRIVACY BY DESIGN

The entirety of our process is designed to protect the privacy of your data

ADVANCED SECURITY MEASURES

Some of the security measures we take to protect our users

PENETRATION TESTED TECHNOLOGY

The Biometric & OCR technology has been explicitly scanned for vulnerabilities across a broad range of categories

ISO CERTIFIED TECHNOLOGY

The Biometric and OCR technology is ISO 27001 and ISO 22301 certified

PRIVACY BY DESIGN

Once you have verified and identified your customer and have downloaded your report, ALL global data is cleaned and the verification will be archived within a 5-minute period.

 

We DO keep an internal reference number to allow us to match products to IDs completed and for internal billing purposes.

 

We NEVER keep any personal data related to any person you have verified. 

 

Once a report has been downloaded, any data such as images and videos stored during our biometric verification process will be DELETED from our database.

 

If, for any reason, you haven’t downloaded the report, your customer hasn’t completed the process, or you’re satisfied with just using APLY’s web interface, the maximum life span of a verification is 7 days. Beyond this, verification data is automatically cleansed, images and videos are deleted, and the verification is archived as previously described.

 

We are confident in our hosting services and development tools (Amazon Web Services/Heroku) and their expertise regarding internet security questions, but we also know that not a single system on earth is 100% safe. APLY’s method of handling customer data ensures that, in case of a breach, we and our clients have only very limited data in our database at any given time.

 
 

End-to-end data encryption: Every connection and data transfer is made through secure connections using HTTPS or SSH with credentials

AES-256 Encryption for images and videos. Our verification assets are stored on an encrypted disk

Verification assets are stored using 3 randomly generated keys, which are required to access them. It is impossible to predict what URL will be generated

AES-256 Encryption for our database. Our database is encrypted on disk

Our database and verification assets are not stored in the same location

The maximum lifespan of our data is 7 days

PENETRATION TESTING

The Biometric and OCR technology has undergone penetration tests. Load tests are conducted four times a year on production environments and one time a year on test environments. The penetration tests cover OWASP Top 10, OWASP 3.0, SANS Top-25, Broken Authentication, Sensitive Data Exposure, XML, Broken Access Control, Security Misconfiguration, Cross Site Scripting (XSS) and Insecure Deserialisation. Daily server scans are conducted, explicitly checking for vulnerabilities in a broad range of categories, including backdoors and trojan horses, brute force attacks, CGI, databases, DNS and Bind, e-commerce applications, file sharing, SFTP, firewalls, General Remote Services, hardware and network appliances.
 
 

INTERNATIONAL STANDARDISATION ORGANISATION (ISO) CERTIFICATIONS

The Biometric & OCR technology has been ISO 27001 and ISO 22301 certified

 

 

ISO 27001 Focus

  • To protect confidentiality, integrity and availability of information within a company

  • Achieved via

    • Risk assessment

    • Risk mitigation

    • Risk treatment

 

Controls are developed through policies, procedures and technical implementation. ISO 27001 clearly identifies the risk in process management, legal protection, human resources, physical protection and many more areas, as well as IT security.

ISO 22301 Focus

 

ISO 22301 is the Business Continuity Management System standard. This certification has been developed to ensure protection from unexpected disruption and disaster. This policy gives asset owners, personnel and sub-contractors an understanding of what is required in the course of recovering from a disaster.