Security

Datalink take technical and organisational precautions in line with industry best practice to prevent the loss, misuse or alteration of your personal information.

Governance

Our audit, compliance and risk effort is open and collaborative, and we work with our customers to identify and implement relevant standards and practices as internet security evolves. Datalink maintains and updates its Information Security Policies and Procedures at least annually.

Application Security

Datalink builds security into the core it its product, validated through numerous controls.

• A sophisticated role-based security model is implemented at a low level
• All data changes within our products are audited
• Data is encrypted both in transit and at rest
• Authentication uses best practices and technologies including SAML, OAuth2 and JWTs.
• Privacy controls within the product allow affected persons to refuse consent to share data 
• Datalink follows industry best practices in software development, including OWASP secure development guidelines, peer reviews, static code analysis, penetration testing, continuous integration, automated testing, platform monitoring and incident response.
• We identify, fix, and prevent security issues through security design review, automated and manual code assessment, and developer education.

Network and Operations Security

Datalink products are built on top of Amazon Web Services, and includes sophisticated engineering to maintain high security.

• Our network and infrastructure is designed to meet security best practices
• Regular external penetration tests are conducted
• The network is monitored 24×7 for irregularities
• The data centre is ISO 27001 and COBIT certified.
• Datalink meets the mandatory requirements of Australian Government PSPF, ISM, ISMP, APP and Privacy Acts.

Availability and Continuity

Datalink runs a high-availability, dynamically scaled environment with no single point of failure and an uptime exceeding 99.99%. 

Datalink has rigorous processes for release management, data treatment, backup and disaster recovery. A business continuity plan is in place to cover service disruptions and cybersecurity incidents. 

Data Protection

Datalink has a long history hosting sensitive datasets and takes data protection seriously.

Data is encrypted both when in transit and at rest, and does not transit international borders. Furthermore, only Datalink’s Australian staff have access to the systems storing customer data. Datalink is committed to informing its customers of any breach or potential breach. 

Datalink is working towards GDPR compliance for European 

Shared Responsibility

Datalink takes great care to protect its network and application from cyber attacks, however the customer must also implement protections in its own operations to prevent its data from being accessed or misused inappropriately. 

Incident Response

Datalink’s Disaster Recovery processes include specific controls for cybersecurity, data integrity and security incident management. Datalink has a 24 hour priority response service for security incidents, and you can report issues below.