
Security Framework Overview


Referoo’s approach to security is built on the robust standards of ISO 27001, supplemented by the OWASP Software Assurance Maturity Model (SAMM) framework, ensuring industry-leading information protection. Our commitment to security is demonstrated through comprehensive policies, procedures and continuous improvement. Key elements of our security framework include:

Information Security Management System (ISMS):

The ISMS governs all aspects of information security, covering our policies, procedures and compliance efforts.

Cloud-First Operations & Network Security:

With a predominantly cloud-based infrastructure, our security measures are designed to safeguard services and data. Network security is continuously monitored to meet strict service and security requirements.

Data Encryption & Privacy Protection:

Referoo encrypts all data, using AES-256 for data at rest and TLS 1.3 for data in transit, ensuring the highest levels of security during storage and transmission.

Supplier Management:

We work closely with suppliers through data-processing agreements and regular KPI evaluations to ensure they meet our high-security standards.

Regulatory Compliance:

Referoo complies with the General Data Protection Regulation (GDPR) and the Australian Privacy Act, ensuring the protection of personal data and privacy for all users.

Business Continuity & Disaster Recovery:

We maintain strong business continuity and disaster recovery protocols, ensuring minimal downtime and data protection in the event of unforeseen incidents.

Employee Focus:

We prioritise our employees' role in maintaining security by providing ongoing security awareness programs and additional training for staff in key roles, ensuring they are equipped to handle evolving threats.

Access Control & Identity Management:

We enforce robust access controls, including multi-factor authentication (MFA) and role-based access control (RBAC), ensuring only authorised individuals have access to sensitive information.

Security Testing & Vulnerability Management:

Referoo conducts annual penetration testing to identify potential vulnerabilities. We also perform regular Qualys vulnerability scanning, OWASP ZAP scanning for web application security and AWS image scanning to ensure our infrastructure and applications remain secure and up to date.

Incident Reporting:

All employees are required to report any suspected security incidents immediately, enabling swift action and resolution.

Third-Party Audits & Certifications:

Referoo undergoes regular external audits to ensure our compliance with ISO 27001 and industry best practices.

Continuous Improvement:

We are always looking to strengthen our security measures by setting new objectives and striving for ongoing compliance with ISO 27001 and OWASP SAMM. For more detailed information, please reach out to support for additional documentation including our Information Security Policy.

Key Contacts
Referoo Support
info@referoo.com.au