Data Management and Security
At PowerHouse Hub, we take the responsibility for protecting your data very seriously.
We are committed to keeping your data safe and secure by using best practices to protect our systems.
This page provides information on our data security and compliance as it relates to all sections of our business, including application, firewall, hosting and peripheral security.
PowerHouse Data Security
PRIVACY PRINCIPLES AND LEGISLATION
PowerHouse Hub undertakes to comply with:
a. all Privacy Laws, including the Australian Privacy Principles and the GDPR data management principles.
b. all reasonable directions of the Customer regarding the management of Personal Information, in the performance of its obligations under this Agreement. Please refer to the Customer Agreement with detailed coverage on how we comply with privacy principles and legislation.
POWERHOUSE PRODUCT SECURITY
Our Secure Software Development Lifecycle (SDLC) incorporates automated and manual security checks into each phase of the PowerHouse software development process. The tools, workflows and processes that underpin the SDLC allows us to quickly detect any potential risk, and take the necessary proactive steps to mitigate. Software enhancements and upgrades are regularly released as part of scheduled release cycle, with more security patches released more as needed. Our Change Management workflows allow us to be agile and efficient during the release cycles.
DATA STORAGE, DATA BACK-UP, DATA SOVEREIGNTY AND RESIDENCY
Customer data is stored in Amazon Web Services (AWS) data centres. Our data storage policy and related data back-up is programmed to be managed in-country for our customers. We assist our customers in maintaining compliance with data protection regulations such that data can be stored in the relevant geographic region. For enterprise customers we also offer dedicated AWS servers and aligned infrastructure.
DATA ENCRYPTION AND 2FA
Customer data is protected by encryption at rest and in transit. Customers can set and define their own password schemas and all passwords are automatically encrypted in the User Module. The PowerHouse platform also offers two-factor authentication (2FA) to strengthen security around your login procedures.
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANS
PowerHouse has developed a responsive Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) which aggregate and incorporate AWS services to ensure customer data is backed up and retrievable in the event of a qualifying situation.
SECURITY SYSTEMS AND PENETRATION TESTS
Our security infrastructure includes security systems and protocols like firewalls, network layer security, application layer security, threat detection and protection, vulnerability scans, access control and encryption. We perform independent security penetration tests on our applications and provide the opportunity for enterprise customers to implement their own penetration tests on their portals.
Hosting: Perimeter Layer Data Security
The Mediasphere network resides within Amazon Web Services (AWS’s) world class data center. AWS implement controls, build automated systems, and undergo third-party audits to confirm security and compliance. The security includes:
ACCESS IS SCRUTINIZED
AWS restricts physical access to people who need to be at a location for a justified business reason. Employees and vendors who have a need to be present at a data center must first apply for access and provide a valid business justification. The request is reviewed by specially designated personnel, including an area access manager. If access is granted, it is revoked once necessary work is completed.
ENTRY IS CONTROLLED AND MONITORED
Entering the Perimeter Layer is a controlled process. We staff our entry gates with security officers and employ supervisors who monitor officers and visitors via security cameras. When approved individuals are on site, they are given a badge that requires multi-factor authentication and limits access to pre-approved areas.
AWS DATA CENTER WORKERS ARE SCRUTINIZED
AWS employees who routinely need access to a data center are given permissions to relevant areas of the facility based on job function. But their access is regularly scrutinized, too. Staff lists are routinely reviewed by an area access manager to ensure each employee’s authorization is still necessary. If an employee doesn’t have an ongoing business need to be at a data center, they have to go through the visitor process.
MONITORING FOR UNAUTHORIZED ENTRY
We are continuously watching for unauthorized entry on our property, using video surveillance, intrusion detection, and access log monitoring systems. Entrances are secured with devices that sound alarms if a door is forced or held open.
AWS SECURITY OPERATIONS CENTERS MONITORS GLOBAL SECURITY
AWS Security Operations Centers are located around the world and are responsible for monitoring, triaging, and executing security programs for our data centers. They oversee physical access management and intrusion detection response while also providing global, 24/7 support to the on-site data center security teams. In short, they support our security with continuous monitoring activities such as tracking access activities, revoking access permissions, and being available to respond to and analyze a potential security incident.
Hosting: Infrastructure Layer Data Security
LAYER-BY-LAYER ACCESS REVIEW
Like other layers, access to the Infrastructure Layer is restricted based on business need. By implementing a layer-by-layer access review, the right to enter every layer is not granted by default. Access to any particular layer is only granted if there is a specific need to access that specific layer.
MAINTAINING EQUIPMENT IS A PART OF REGULAR OPERATIONS
AWS teams run diagnostics on machines, networks, and backup equipment to ensure they’re in working order now and in an emergency. Routine maintenance checks on data center equipment and utilities are part of our regular operations.
EMERGENCY-READY BACKUP EQUIPMENT
Water, power, telecommunications, and internet connectivity are designed with redundancy, so we can maintain continuous operations in an emergency. Electrical power systems are designed to be fully redundant so that in the event of a disruption, uninterruptible power supply units can be engaged for certain functions, while generators can provide backup power for the entire facility. People and systems monitor and control the temperature and humidity to prevent overheating, further reducing possible service outages.
Hosting: Data Layer Data Security
TECHNOLOGY AND PEOPLE WORK TOGETHER FOR ADDED SECURITY
There are mandatory procedures to obtain authorization to enter the Data Layer. This includes review and approval of a person’s access application by authorized individuals. Meanwhile, threat and electronic intrusion detection systems monitor and automatically trigger alerts of identified threats or suspicious activity. For example, if a door is held or forced open an alarm is triggered. We deploy security cameras and retain footage in alignment with legal and compliance requirements.
PREVENTING PHYSICAL AND TECHNOLOGICAL INTRUSION
Access points to server rooms are fortified with electronic control devices that require multi-factor authorization. We’re also prepared to prevent technological intrusion. AWS servers can warn employees of any attempts to remove data. In the unlikely event of a breach, the server is automatically disabled.
SERVERS AND MEDIA RECEIVE EXACTING ATTENTION
Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycle. We have exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.
THIRD-PARTY AUDITORS VERIFY OUR PROCEDURES AND SYSTEMS
AWS is audited by external auditors on more than 2,600 requirements throughout the year. When third-party auditors inspect our data centres they do a deep dive to confirm we’re following established rules needed to obtain our security certifications. Depending on the compliance program and its requirements, external auditors may interview AWS employees about how they handle and dispose of media. Auditors may also watch security camera feeds and observe entrances and hallways throughout a data center. And they often examine equipment such as our electronic access control devices and security cameras.