client data security statement
Portalink treats data security and integrity with utmost seriousness.
Portalink is non-invasive and has no direct access to any client databases.
Precautions have been implemented to restrict unauthorised access to sensitive data and all activities conducted by Portalink's support consultants is carefully tracked and monitored.
1. Portalink's approach to information security security is embedded in our development methodology. Our technical team adhere to industry development practices, which include a strict coding standard, a standard source repository branching policy, continuous integration, pair programming, and reviews.
2. Portalink utilises Amazon AWS to host our Portalink™ Product Suite. Amazon AWS adhere to the highest security principles and are independently certified against a range of industry standards.
3. Portalink continuously monitors and protects against threats to our services. Our infrastructure is monitored for unusual/unwanted activity and an IP blacklist is maintained blocking unwanted request activity.
4. Portalink annually engages globally reputable consulting firms to conduct external Penetration Testing and report on any recommended actions.
5. Portalink stores all passwords within its database, in hashed form, using a combination of MD5 and Base64 Encoding (no plain password is stored).
6. Portalink uses SSL Certificates provided by GlobalSign and Symantec. Both are well-known certificate providers and meet industry standards for security.
7. Portalink does not directly access client databases. All data feeds are sent from the client database to a Secure File Transfer Protocol (SFTP) site.
9. Portalink monitors the Australian Signals Directorate published list of 35 mitigation strategies; with particular emphasis places on the top 4. All of these controls are implemented within our environment.
10. All Portalink staff are bound by confidentiality agreements.