Nous Factory Security Governance

INTRODUCTION TO NOUS FACTORY SECURITY GOVERNANCE

Nous Factory clients need to place trust in our security and governance of the Cloud Nous environment so they feel confident their data will be protected and its integrity maintained. Data security and governance is an important part of any cloud business, and a quintessential part of Nous Factory.
We apply and test this principle with every Nous team member we employ, every partner we unite with, every offer we make and every client we accept.

TRANSPARENT SECURITY

We believe in Transparent Security and, where rational, disclose governance aspects of our security design, policies and practices:

We will

  • Disclose common security policies and practices
    We discuss common security features we use including firewalls and data encryption
  • Disclose when mandated by legal or regulatory requirements
    We will make disclosure when required by law or regulation
  • Disclose Security Architecture
    We may make disclosure depending on the associated risks
  • Articulate Governance responsibilities of our clients compared to Nous Factory
    We clearly articulate what clients must do themselves to help protect their data and ensure accessibility

Within our governance is non-disclosure under some circumstances:

We will not

  • Exacerbate risk
    We do not disclose anything that could create a risk to our infrastructure or the integrity of the data we are entrusted with
  • Do harm
    We do not disclose anything that could create harm for a customer or partner
  • Create unmanageable liability
    We will not promise anything that may prove difficult to achieve
  • Disclose information when mandated
    We will not disclose information where that would result in a breach of legal or regulatory requirements

BALANCED SECURITY

Nous Factory balance security against client cost, risk and convenience of use. Our clients want security that is sufficient to enable them to entrust their data to us without incurring too much cost or making user access inconvenient.

SPECIFIC SECURITY

We look at security risk in the following operational categories:

  • Protecting data in transit
    We make certain data is protected as it is transferred between our client and Nous Factory
  • Data at rest
    We control the threat of hackers, online crime, viruses and spyware
  • Data privacy & Maintaining Compliance
    As far as is legally possible, our data is protected from foreign laws of disclosure and access. We ensure compliance with regulations and standards with regard to data privacy and protection
  • Data availability and recovery
    We offer industry best Quality Of Service (QOS) with regard to data accessibility. We maintain data recovery needs for all possible scenarios, including catastrophic

NOUS SECURITY DIFFERENTIATION

We differentiate ourselves in the market by leveraging the inherent security advantages of our structure and environment. By nature of our virtualised cloud and our client base we can:

  • Implement and maintain best-of-industry security solutions
  • Employ industry-leading expert partners
  • Provide 24/7/365 services including:
    • Firewall monitoring
    • Intrusion detection and prevention
    • Email filtering
    • Security patch and upgrade management
  • Deliver corporate data through one central secure location accessible from anywhere there is an internet connection
  • Guarantee data backups and a stated QOS for accessibility
  • Minimise the risk of client data loss from fixed or mobile devices through loss or theft

SUMMARY

We finish where we began:
Nous Factory clients need to place trust in our security and governance of the Cloud Nous environment so they feel confident their data will be protected and its integrity maintained.

Our commitment:
Cloud Nous, your data is as safe as online banking

Specific Security Details

PROTECTING DATA IN TRANSIT

Desktop Access User Validation

Authentication is by username and password at the 'cloud' (please also see password policy below). Login data is encrypted with sha1RSA signature algorithm, certificate issued by DigiCert (High Assurance CA-3).

Communication Between User & Nous

Outside of general browsing of the Nous Factory website, all communication between clients and Nous Factory is encrypted with Secure Sockets Layer (SSL) cryptography, the same as your online banking uses. The following encryption is used in Nous Factory web services:

  • Cloud Nous Desktop
    • Algorithm: (Up to) 256 bit sha1RSA signature
    • Certificate: DigiCert High Assurance CA-3
  • Cloud Nous Provisioning website
    • Algorithm: (Up to) 256 bit sha1RSA signature
    • Certificate: DigiCert High Assurance CA-3
  • Nous Factory website
    • Is a VeriSign Trusted Website; Our ownership of the site and business identity has been verified by VeriSign
    • VeriSign scan all pages of http://nous-factory.com.au for Malware daily and retract their seal should any Malware be found
  • Nous Factory Live Help, Knowledge Base and Ticket System (via LiveHelpNow)
    • Algorithm: (Up to) 256 bit AES signature
    • Certificate: GoDaddy.com Web Server Certificate
  • Nous Factory webinars (via Cisco Webex)

      Desktops
    • Algorithm: 256 bit AES signature
    • Certificate: VeriSign Class 3 Secure Server CA - G2

      End-to-End
    • Algorithm: (Up to) 256 bit AES signature
    • Certificate: VeriSign Class 3 Secure Server CA - G2
  • Nous Factory downloads, being training files & streaming video (via Amazon Web Services)
    • Algorithm: (Up to) 256 bit sha1RSA signature
    • Certificate: VeriSign Class Secure Server Certification

      Or
    • Algorithm: (Up to) 256 bit sha1RSA signature
    • Certificate: Entrust.net Secure Server Certification Authority

Password Policy

Our password policy ensures passwords must:

  • Be between 8 and 12 characters
  • Be a combination of letters, numbers and special characters
  • Begin with a letter
  • Contain at least one capital letter
  • Not end with a number

Virus Protection

  • Our nDrive checks all files being passed to the desktop; files cannot be loaded into desktops outside of nDrive.

DATA AT REST

Intruder Prevention

  • All client data is stored behind multiple firewalls to prevent 'hacking'.
  • Casaba Security (http://www.casabasecurity.com) proactively and repeatedly test for holes in our web security. They use multiple processes, including source-assisted testing, to verify our base code.
  • Physical security of data is covered below in Data Storage

Virus Protection

  • We use multi-layered virus protection from different suppliers to offer the best possible fortification against viruses, malware and spyware. This is maintained centrally by our 24/7/365 operations centre staff.
  • Our nDrive checks all files being passed to the desktop; files cannot be loaded into desktops outside of nDrive.

Data Storage

All client data is stored at the Polaris Data centre in Queensland. This facility offers best-in-class availability and physical data protection.

Data Protection between Accounts

All client data is stored encrypted on a Storage Area Network (SAN), separate from the regular network system; connection is only made on login to the user's profile. The client username and password are required to decrypt individual client data using NT File System (NTFS) permissions. The only access to client data is through the Cloud Nous Desktop.

DATA PRIVACY & MAINTAINING COMPLIANCE

Privacy

Nous Factory complies with all applicable laws, rules and regulations including, without limitation, the Privacy Act 1988 (Cth) and the National Privacy Principles contained in Schedule 3 of that Act, regardless of whether the Customer is a small business operator for the purposes of that Act, or would otherwise be exempted from complying with that Act.
Depending on the client's contract with Nous Factory, personal data, including credit card information if used, is held:

  • In Switzerland on servers meeting all Australian laws (including Payment Card Industry Data Security Standards (PCI DSS)) and the stringent Swiss laws, or
  • In the Commonwealth Bank's Commbiz PCI DSS compliant system through our three-way bank hosted payment gateway
  • Offline storage in secure dedicated facility

Client questions raised through our support Ticket System and Live Chat are held encrypted at rest on servers located in Dallas, Texas, USA at Rackspace Hosting. Questions and answers are the only data held at Rackspace.

Client enrolments and chat related to Nous Factory web seminars are held in Cisco's data centre located in Melbourne, Australia.

Data Protection between Accounts

All client data is stored encrypted on a Storage Area Network (SAN) separate from the regular network. Connection between the SAN and regular network is only made on login to the user's profile through the Cloud Nous Desktop. The client username and password are required to decrypt individual client data using NT File System (NTFS) permissions. The only access to client data is through the Cloud Nous Desktop.

Data access by System Administrators

Nous Factory and their suppliers do not have access to client data. The only access to client data is through the Cloud Nous Desktop.

DATA AVAILABILITY & RECOVERY

Data Storage

All client data is stored at the Polaris Data centre in Queensland. This facility offers best-in-class availability and physical data protection.

Data Backbone & Availability

  • From the Data Centre we use a NextGen Networks black dual fibre redundant, 100 Mbps (soon to be 1 Gbps) high-speed internet backbone direct to most Australian capital cities. Further redundancy is provided by alternative carriers including Pipe Networks and AAPT.
  • Our availability is better than:
    • Internet and Data Centre 99.95% availability
    • Network 99% availability
  • We use robots to log in at random times, providing a stream of statistical data to ensure that customer access is within 5% of our best experience measure. These robots do not see client data, just access to our services.

Available Resources

To ensure adequate resource is available to maintain performance for all clients, we:

  • Schedule additional hardware (servers) installation for every 1200 seats. This is based on sales forecasts and reviewed monthly
  • Start an automated upgrade process for additional hardware (servers) when resources peak at 60% of available capacity. From order to commissioning takes around 12 days

Continuity Of Service; Nous Factory Succession

Nous Factory is a fully Australian owned company. Part of our Corporate Governance looked at continuity of client services if succession was required.
In such an event, our major supplier would ensure client service is maintained. This is dictated in the Nous Factory & supplier agreement:
"...the Supplier will assume control and ownership of the End User together with all of the Products supplied by Supplier and day to day responsibility of all matters associated with the End User. All existing contracts between the Customer and End User will novate to the Supplier."
Our supplier is an Australian company, 50% owned by a global parent.

 
