Security Policy & Practices

Version 1.2 - June 2016

This policy outlines: 1) Member Hub's security practices and resources, and 2) your security obligations. This policy is incorporated by reference into the Member Hub Terms of Service.

Your Obligations

Our documentation may specify restrictions on how Member Hub may be used or configured. You agree to comply with any such restrictions as specified.

You are responsible for properly configuring and using the Services and taking your own steps to maintain appropriate security. You are not permitted to circumvent any security measures in an attempt to access data that does not belong to you.

Your credentials used in the Service are confidential. You may not sell, transfer, share or sublicense them to any other entity or person.

Reporting Security Vulnerabilities

If you discover a potential security vulnerability, please see our policy on Responsible Disclosure.

We strongly prefer that you notify us in private. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you!

Our Obligations

Without limiting any provision of the Member Hub Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.

Our Security Practices

Member Hub manages information security using a framework, which specifies the requirements for establishing, implementing, maintaining and continually improving a comprehensive information security management system and risk management capabilities.

1. Data Center Security

Member Hub runs on the Amazon Web Services (AWS) global infrastructure platform. The Service is only hosted on Australian infrastructure at this point in time.

AWS publishes an "Overview of Security Processes" whitepaper that serves as the reference material for this section.

1A. – Compliance

AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 9001 / ISO 27001, IRAP, and PCI DSS. Additionally, AWS has assurance programs that provide templates and control mappings to help customers establish the compliance of their environments running on AWS against 20+ standards.

1B. – Physical Security

AWS data centers are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

1C. – Environmental Security

AWS data center environmental controls include:

  • Fire detection and suppression
  • Redundant power systems, backed up by uninterruptible power supply units and generators
  • Climate and temperature controls
  • Active system monitoring

2. Network Security

2A. – Secure Architecture

Member Hub runs in an AWS Virtual Private Cloud. Most services run in a private subnet and are not publicly exposed.

2B. – Firewalls

Member Hub utilises an inbound firewall configured in deny-all mode. HTTP, HTTPS and SSH ports are opened as necessary.

3. Platform Security

3A. – Access Management and Restrictions

Member Hub workforce members are only granted administrative privileges on an as-needed, least-privilege basis. Access reviews are performed on a regular basis.

3B. – Logging and Monitoring

Member Hub logs AWS and Member Hub API activity. The Member Hub platform monitors performance indicators such as disk, memory, compute, and logging issues, and automatically notifies Member Hub of issues.

3C. – Security Assessments

Member Hub code undergoes automated testing and manual code review prior to being deployed to production. We receive regular notifications of vulnerabilities and patches on a continuous basis.

3D. – Databases

Databases run in the database layer in our Virtual Private Cloud, on a private subnet accessible only from the Member Hub platform.

4. Contingency Planning

4A. – Backups

Our database supports intermediate backups (e.g. write-ahead logs). Member Hub configures these intermediate backups through AWS to span at least the time between daily backups, to enable fine-grained, point-in-time disaster recovery. Full backups are taken daily and retained for a period of time outlined in the standard Service SLA.

4B. – Fault Tolerance

AWS data centers are clustered into regions, and sub-clustered into availability zones, each of which is designed as an independent failure zone, meaning they are:

  • Physically separated
  • Located in lower-risk flood plains
  • Equipped with independent uninterruptible power supplies and onsite backup generators
  • Fed via different grids from independent utilities, and
  • Redundantly connected to multiple tier-1 transit providers

Member Hub is distributed across multiple availability zones within Sydney, Australia.
