Altora use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.
Security
We protect your data with encryption in transit and at rest while maintaining integrity, availibility, confidentiality and security of your organisation’s data.
Reliability
Altora’s products are designed for high performance and availability, delivering our customers best-in-class core technologies that are stable and secure at scale.
Compliance
With ever-increasing security challenges, we adhere to global, regional, and industry standards to meet compliance and regulatory requirements.
Privacy
We respect each individual’s privacy and are committed to protecting it through our product, infrastructure, and data governance.
Operational Security
Altora cloud products and data are hosted on industry-leading cloud provider Amazon Web Services (AWS). Our products run on a software as a service (SaaS) environment that is built on a single core infrastructure.
Data Centre Controls
We only use state of the art data centres and cloud providers. Our platform is built on Enterprise grade scalable infrastructure 24/7 monitoring for all aspects of operational security and performance. Equipped with state-of-the-art security such as biometrics, sensors for intrusion detection, key cards, and around-the-clock interior and exterior surveillance.
Physical access to the data centre is restricted to only individuals who require access to maintain systems needed to support the platform. There are several levels of access control that are logged and monitored, personnel are police checked and character referenced checked. The access is dependent on the seniority of the personnel.
Data Centre Compliance
Our data centre provider is certified to the following compliance standards: HIPAA, PCI-DSS, SOC 1 Type 2, SOC 2 Type 2, ISO 27001 and FISMA/NIST.
Our cloud provider has the following certifications: PCI-DSS, ISO 27001, SOC 1 / 2 / 3, IRAP, ISO 27018 and ISO 9001.
Application Security
Our application has been designed with focus on security, employing best software engineering practices, encryption technologies and security assurance.
Data Encryption
To protect data, we encrypt information in transit over public networks using TLS 1.2 to protect it from unauthorised disclosure or modification. Data stored on servers holding customer data use full disk, industry standard AES-256 encryption at rest. Cloud systems are protected using next-generation threat protection software.
Tenant Separation
Measures are put in place to segregate every customer’s data from each other. This means while our customers share a common cloud-based IT infrastructure when using Altora’s products, that any actions of one customer cannot impact or compromise the data or service of another customer.
User Access
We protect and ensure the integrity of sessions and authentication credentials by building in protection mechanisms such as the following:
Two-factor authentication (2FA) is designed to prevent anyone but you from accessing your Altora account, even if they know your password.
We enforce a password complexity standard and passwords are also asymmetrically encrypted; this security method is stronger and uses a strong salted hash.
Logging
All key actions on the application are centrally logged which events can be recalled if needed. Our internal processes define how these alerts are triaged, investigated further, and escalated appropriately. Key system logs are forwarded from each system where logs are read-only.
Reliability
Our products are designed for high performance and availability.
Availability and Continuity
The service is hosted on high-availability servers to meet Altora’s SLA guarantee. Altora’s detailed SLA is available here. The load balancing nature of high availability servers enables maximum uptime and stability for critical system that need to be available near 100%, 24×7. Connectivity is via dedicated fibre and internet via multiple tier-one service providers. Data is backed up daily off-site with disaster recovery procedures in place including several copies in encrypted archives.
Platform Performance
We use Amazon Web Services (AWS) as a cloud service provider and its highly available data centre facilities in multiple regions worldwide. Each AWS region is a separate geographical location with multiple, isolated, and physically separated groups of data centres known as Availability Zones (AZs).
We leverage AWS’ compute, storage, network, and data services to build our products and platform components, which enables us to utilise redundancy capabilities offered by AWS, such as availability zones and regions.
Application and Data Safeguards
We operate with comprehensive procedures with disaster recovery and business continuity plans. Our backup measures are designed in line with system recovery purposes.
Automated AWS Snapshots are backed up daily, encrypted using AES-256 encryption. This backup data is not stored offsite but is replicated to multiple data centres across multiple available AWS zones.
Privacy
Our commitment to data protection and privacy.
Data Protection and Privacy
We use several security controls to protect our application from intrusions and breaches. Each account’s data is separately stored from one another using unique identifiers and authentication technologies.
Your data is always safe as we do not give, rent, or sell this data to anyone else, nor do we make use of it ourselves for any purpose other than to provide our services. More information can be seen on our privacy policy.