Security at Eftsure

Leading the way to a secure business community

From the moment staff joins Eftsure, we prioritize the alignment to the industry-recognized CIA model in information security, relating to:

Ensuring the Confidentiality of restricted data across the organization;
The Integrity of data, to ensure data is correct and able to be trusted;
And the Availability of data to ensure data is available to authorized users whenever it is required;

Security is at the forefront of everything that Eftsure does.

Cloud Security

Eftsure is hosted onshore within Amazon Web Services (AWS) and takes advantage of AWS industry leading, and well recognized security features. We have also undergone a formal AWS Foundational Technical Review (FTR) through the AWS Partner Network to acknowledge that the Eftsure solution is recognized as adhering to AWS Well Architected best practices. Amazon Web Services continues to have the highest security posture with compliance to international standards. More information is available from their website: https://aws.amazon.com/compliance/data-center

Data Encryption

We protect the confidentiality, integrity, and availability of Eftsure’s data both in transit and at rest using industry standard encryption protocols including TLS v1.2, TLS v1.3 (when available) and AES-256bit encryption to ensure the standards we use are the most secure and robust that the industry has to offer.

Data Privacy and Handling

Eftsure formally maintains and actively enforces a data classification matrix which articulates how data is treated and protected across the organization. Our data classifications matrix has been reviewed by multiple 3rd party security experts to endorse our approach to the confidentiality, accountability and imposed restrictions are inline with industry standards and security frameworks.

Single Sign-On

Eftsure has implemented Single Sign-On (SSO), a secure authentication process that allows our customers to access our services leveraging their own user logins through Azure Active Directory as well as Okta integration. Our SSO implementation minimizes the risk of unauthorized access and enhances the security of our customers' accounts by ensure our customers have full control of user access management upstream from Eftsure. At Eftsure, we prioritize the protection of our customers' data and information, and SSO is one of the ways we achieve that.

Multi Factor Authentication

Eftsure has implemented Multi Factor Authentication (MFA), an additional layer of security that verifies user identity prior to granting access with two or more factors, such as something that is known such as a password, and something that is in your possession such as a One Time Passwords (OTP) to your nominated mobile phone. With MFA, our customers can rest assured that their accounts are protected against unauthorized access and identity theft. At Eftsure, we are committed to ensuring the highest level of security for our customers, and MFA is one of the ways we achieve that.

In today’s digital world, it is essential every organization enforces multiple layers of protection to ensure its security, the privacy of it’s data, and the protection of it’s customer’s data. At Eftsure we strive to lead the way when it comes to security.

Mark Chazan

CEO, Eftsure

Security Framework Standards

ISO 27001 compliant

We have now formally received our ISO 27001 certification where we have demonstrated we comply to all 114 security requirements under the standard – without any exclusions or exceptions.

ISO 27001 certification is available here

Cyber Assurance Risk Rating

Eftsure has also been consistently rated in the top band of the Cyber Assurance Risk Rating (CARR) Report which is a report based on an independent certification assessment performed by a specialist Cyber Security Specialist analyst company – “Security in Depth”. The Cyber Assurance Risk Rating (CARR) certification methodology is based on the following internationally recognised Security Frameworks: ISO 27001, SANS CIS Security Controls, NIST v1.1, COBIT, ISM.

Security in Depth

FAQ

Eftsure has redundancy configured across multiple AWS data centers in which is demonstrated within our Recovery Time Objectives and Recovery Point Objectives as documented and verified through our Business Continuity and Disaster Recovery Plans. Availability also extents beyond infrastructure and to our resources as well where we have a dedicated Verifications team who are able to operate 24 hours a day, during Monday – Friday.

We have processes in place to monitor changes to regulatory policies to ensure the highest level of compliance through ongoing engagement with 3rd party specialists for advice to ensure that we align with security industry best practices. This includes a long term engagement with an independent 3rd party security firm (Security In Depth), who have customers including the Victoria Police and Victoria State Government, as well as the Reserve Bank of Australia. For more information, please refer to their website: https://securityindepth.com.au

Eftsure maintains a detailed Security Incident Response Plan which adheres to the principles within ISO/IEC 27035, involving:

Incident Preparation;
Incident Identification;
Incident Assessment;
Incident Response;
and Incident Review and Lessons Learned

Our incident response plan has also been reviewed by multiple 3rd party security firms to confirm our commitment to ensuring we are able to handle any unexpected incidents that occur across the organization.