We recognize that information security and disaster recovery practices are important to our clients.
Just like all information technology, the GuardianERM system is inherently exposed to cyber risks. InConsult recognises these risks and has developed a range of control and recovery measures to ensure integrity, confidentiality, and ongoing availability.
GuardianERM allows each client to control who has read and/or write access to which modules and business units. Clients are responsible for user access rights within their database.
Strong password security is an important first step in protecting GuardianERM user accounts. GuardianERM allows each organisation to customise system password rules to conform to its own internal security policy. Each client can set password expiration periods, password length and password complexity. All passwords are salted and one-way hashed for maximum security.
Users sometimes leave their computers unattended or forget to log off. To protect against unauthorised access, GuardianERM automatically closes sessions after a period of inactivity. The default timeout is 1 hour. Sessions are also protected by session tokens to ensure access is secure at all times.
GuardianERM supports single sign-on (SSO). SSO is an authentication method that allows users to sign in to Guardian using one set of credentials, in most cases your organisation's email and password via Azure Active Directory. SSO brings many benefits:
GuardianERM ensures that your data is protected in-transit from your browser to our servers using the strongest Internet encryption technologies. From HTTPS to SSE to the latest TLS security, we have it covered.
When your data is stored on our servers it is encrypted-at-rest for further security. This applies to all copies of your data: live, backup, and mirrored.
GuardianERM production servers are hosted in Sydney, Australia on Microsoft's industry-leading Azure platform. Azure offers a broad set of key global and industry-specific standards and supporting materials for key regulations, including ISO/IEC 27001 and ISO/IEC 27018, FedRAMP, and SOC 1, 2, and 3 Reports.
Azure also meets regional and national standards, including Australia IRAP, UK G-Cloud, the EU Model Clauses, EU-U.S. Privacy Shield, Singapore MTCS and the CS Mark in Japan. Azure is an Australian Signals Directorate (ASD) Certified Cloud Service provider.
Rigorous third-party audits, such as those done by the British Standards Institute, verify that Azure adheres to the strict security controls these standards mandate. When data deletion is requested, we use Azure's best practice procedures and a wiping solution that is NIST 800-88 compliant, so your data cannot be inadvertently exposed to a third party.
Our security hardened servers have been locked down to comply with industry best practices. These policies/standards/measures include:
Azure servers are subject to penetration testing based on ten (10) attack vectors that could degrade system integrity, confidentiality, and availability.
In addition, InConsult performs periodic penetration tests and cyber security scans to identify potential vulnerabilities on the GuardianERM.net servers as well as on our own business network infrastructure. Our latest penetration test found zero common vulnerabilities.
For production and back-up, we utilise world-class data centres in Sydney, Australia. Access is physically secured at the boundary via a perimeter fence and gate and a mantrap. On-site security includes 24×7 security officers, CCTV with recorders, motion detection and biometric readers within the building and on the data centre floor.
UPS redundancy is in place and back-up power is provided via 3 × 3,000 kVA diesel generators.
Our data centre provider meets the following certifications and standards:
InConsult has in place a Cyber Security Framework that is based on the National Institute of Standards and Technology (NIST) Cyber Security Framework. This framework includes policies, standards and procedures that set expectations for staff and for the GuardianERM.net product. Currently, InConsult has in place a:
Access to GuardianERM is restricted to the InConsult development team for updates, enhancements, and maintenance. Extensive testing is performed by several team members prior to release.
All clients are notified of major changes and any planned outages due to upgrades. Release notes are documented with each release of a new version.
The GuardianERM platform is designed to provide reliable and continuous availability. GuardianERM availability is achieved in numerous ways:
InConsult has a Business Continuity Plan and Data Breach Incident Response Plan that covers all services including GuardianERM. The plan is reviewed annually and updated as required.
Component tests covering the various disruption scenarios are performed periodically.
Every day, new security issues and attack vectors are created. We strive to stay on top of the latest security developments both internally and by working with external security experts.
Currently, we use a cyber security tool from the industry-leading organisation UpGuard that provides us with real-time monitoring of potential threats. We aim to ensure our Cyber Security Rating (CSR) on the UpGuard platform is an "A" as a standard, upward of 850 points.
If you believe your account has been compromised or you are seeing suspicious activity on your account please contact us.
In the event of a data breach, we will promptly notify our clients.
To date, there has been no loss of data, no security breaches and no unexpected service interruptions reported.
InConsult has secured official partnerships that are key to staying ahead of the ever-evolving cyber threat landscape. We are proud to announce official partnerships with:
Thank you for considering a GuardianERM demonstration. We want to ensure the planned demonstration runs smoothly and meets your needs.
To help us better understand your requirements and expectations, please complete the following information. All information provided will be treated as confidential.
After you have arranged a demo, you may qualify for a 7-day free trial to experience GuardianERM yourself and see why our clients choose GuardianERM.