Safe and Secured

ISO 27001 Certification

Collect, store & transmit data securely

Built on robust code

Locally stored on AWS

Google Authenticator controls

(pending)

Code and Development Controls

The Drive IQ system consists of a PHP/mysql-based processing platform, cloud-hosted and split across dedicated instances for individual clients. This is supported by numerous Node.js/MongoDB microservices which are also cloud-hosted.

 

Development is predominantly performed in-house in Sydney with a small contingent in India for overflow and out of hours development.

 

The system is functionally assured at a number of levels, broadly split into the following categories; for security reasons some details are omitted. For more information on any of these points please contact your Drive IQ representatitive.

  • Standard software development procedures are followed between our development teams, with all software version-controlled and updates released only after functional assurance and via our local deployment process. Automated change detection and process monitoring on the server are also enforced as a failsafe measure to ensure correctness and completeness of new features and updates

  • Functional testing on both the front and backend is currently performed in Sydney via a suite of predefined scenarios first in our dedicated development environment and then via user acceptance testing in our UAT environment.

  • Backups of the system state at points of known functionality are regularly updated and maintained, with rollback via version-controlled system state.

System Access/ Data Security

  • Server access is controlled at a broad level via IP whitelists and then via tiered user permissions scheme and also 2 factor is implemented. Audits are regularly performed on IP access and on recent logins.

  • Site access is controlled via SSL and the database access designed to prevent malicious attacks such as SQL injection. Database snapshots are regularly synchronised and available for immediate restoration in the event of error or attack.

  • 2 factor authentication is implemented to access the site to validate the user and prevent data breach

Performance and Availability

  • Individual components and server resources are monitored with automated (predictive) alerting to both the teams in Sydney and India.

  • System performance is regularly assured against known benchmarks, with code changes verified to ensure that they improve or maintain performance requirements.

Single Sign On