Portalink treats data security and integrity with utmost seriousness.

​

Portalink is non-invasive and has no direct access to any client databases.

​

Precautions have been implemented to restrict unauthorised access to sensitive data and all activities conducted by Portalink's support consultants is carefully tracked and monitored.

​

1. Portalink's approach to information security security is embedded in our development methodology. Our technical team adhere to industry development practices, which include a strict coding standard, a standard source repository branching policy, continuous integration, pair programming, and reviews.

 

2. Portalink utilises Amazon AWS to host our Portalink™ Product Suite. Amazon AWS adhere to the highest security principles and are independently certified against a range of industry standards.

​

3. Portalink continuously monitors and protects against threats to our services. Our infrastructure is monitored for unusual/unwanted activity and an IP blacklist is maintained blocking unwanted request activity.

​

4. Portalink annually engages globally reputable consulting firms to conduct external Penetration Testing and report on any recommended actions.

 

5. Portalink stores all passwords within its database, in hashed form, using a combination of MD5 and Base64 Encoding (no plain password is stored).

​

6. Portalink uses SSL Certificates provided by GlobalSign and Symantec. Both are well-known certificate providers and meet industry standards for security.

​

7. Portalink does not directly access client databases. All data feeds are sent from the client database to a Secure File Transfer Protocol (SFTP) site.

​

9. Portalink monitors the Australian Signals Directorate published list of 35 mitigation strategies; with particular emphasis places on the top 4. All of these controls are implemented within our environment.

​

10. All Portalink staff are bound by confidentiality agreements.