Privacy & Security Policy
Application Security & Privacy Framework
At Lovestock & Leaf, the privacy and security of the applications we develop and of the third-party Software as a Service (SaaS) cloud solutions we implement is of critical importance. A key component of every business-critical development project is to map out the security risks involved in handling client data and to ensure that the necessary processes and software are in place to protect that data from unauthorised access or loss. The level of security required depends on the specific requirements of the business and the sensitivity of the data, but at a minimum we consider, and apply as appropriate, the following application security controls.
Encryption – Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
As best practice for securing web applications, SSL (today, its successor TLS) is always used as the base security layer, so that everything exchanged between the user's browser and the application is encrypted in transit. All sessions to your application are encrypted, plain-HTTP requests are redirected to the HTTPS site (e.g. https://yoursite.lovestockleaf.com), and the server is configured to accept only current TLS protocol versions.
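The redirect-to-HTTPS behaviour described above, as an added example of how it is typically configured on an nginx front end. This is illustrative configuration, not Lovestock & Leaf's own; the certificate paths are placeholders and the hostname is taken from the example in the text.

```nginx
# Added example (not the agency's own configuration): send every plain-HTTP request
# to HTTPS and serve the application over TLS 1.2/1.3 only.
# Certificate and key paths are placeholders.

server {
    listen 80;
    server_name yoursite.lovestockleaf.com;
    # Permanent redirect; $host and $request_uri preserve the original URL.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name yoursite.lovestockleaf.com;

    ssl_certificate     /etc/ssl/certs/yoursite.crt;     # placeholder path
    ssl_certificate_key /etc/ssl/private/yoursite.key;   # placeholder path

    # Refuse SSLv3, TLS 1.0 and TLS 1.1; only TLS 1.2 and 1.3 are negotiated.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # HSTS: browsers remember to use HTTPS for this host (and subdomains) for a year,
    # so a later typed http:// URL never leaves the browser unencrypted.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        proxy_pass http://127.0.0.1:8080;   # the application server, assumed to be local
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

After deploying, `nginx -t` validates the syntax, and `openssl s_client -connect yoursite.lovestockleaf.com:443 -tls1_1` should fail to negotiate, confirming that legacy protocol versions are rejected rather than merely discouraged.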
Compliance with Information Privacy Principles
Working as an agency on behalf of our clients, we are always cognisant of the overarching ten privacy principles set out in the Australian Privacy Act 1988: http://www.privacy.gov.au/materials/types/infosheets/view/6583. These principles summarise the requirements of the Act for organisations that collect personal information from their own customers. (Since March 2014 the ten National Privacy Principles have been replaced by the thirteen Australian Privacy Principles, which cover the same ground in more detail.) Any web solution we develop that collects such customer data must therefore consider how these principles apply and what security measures need to be put in place for the project at hand.
Remote Authentication/Single-Sign-On (SSO)
At L&L, we specialise in designing and configuring remote authentication and SSO solutions that sign users in securely and seamlessly as they move from one application to another. Specifically, we develop integrations between multiple SaaS applications and use their API frameworks to pass data securely between separate applications.
3rd Party Hosting Service Compliance & Certification
Hosting services engaged by L&L to host and manage applications we have developed for our clients are subject to stringent security and privacy criteria. Depending on the level of data risk, we select hosts and data centres that have demonstrated compliance with industry standards covering application security and the privacy of data handling. The standards and programs we look for when selecting a hosting provider for our clients are:
- International Organization for Standardization – ISO/IEC 27005:2011 (information security risk management; note that providers are certified against ISO/IEC 27001, with 27005 providing guidance on the risk-assessment process)
- Statement on Standards for Attestation Engagements (SSAE) No. 16 (SOC 1/SOC 2 reports; superseded by SSAE 18 in 2017)
- Certification by an authorised privacy body, such as the TRUSTe program
- For US-hosted applications – compliance with the US/EU Safe Harbor agreement on privacy protection standards (http://export.gov/safeharbor/); Safe Harbor was invalidated by the Court of Justice of the EU in October 2015, so current engagements should be assessed against the transfer mechanism that has replaced it
Data Access & Retrieval
One of the key criteria we use in selecting a SaaS solution for our clients is to ensure that the client's data, although hosted externally, can be retrieved on request and easily exported from the application, in a standard machine-readable format, for ongoing backup and for the client's own use.