Information security is a priority at RedEye, as owners and operators of critical infrastructure store, search, and manage their engineering operations and maintenance data in RedEye solutions. As our customer base grows and the amount of stored data increases, we ensure our systems and our clients’ data are suitably protected.
To ensure that clients are confident their data is protected, RedEye has implemented an Information Security Management System (ISMS) that meets the requirements of AS/NZS ISO/IEC 27002:2013(E) and protects customer and business information from a range of threats.
RedEye is committed to periodically reviewing and improving its ISMS to ensure its controls are commensurate with the value and business significance of the information stored.
This policy applies to all business operations, equipment, processes, and products developed by RedEye.
The objective of RedEye’s ISMS is to:
- Secure all RedEye and client assets against theft, fraud, malicious or accidental damage, or a breach of privacy or confidentiality
- Deliver a reliable cloud service to demonstrate that the platform is fit for purpose to work with sensitive information
- Ensure software is built and maintained in a secure manner throughout the software development lifecycle
- Minimise the security risks RedEye faces to reduce exposure to all internal and external threats
- Treat and resolve security incidents and suspected vulnerabilities in a timely manner in accordance with their respective nature
- Ensure the organisation is prepared for possible disaster and threat scenarios
A certification audit is scheduled for April 2020 with SAI Global.
Data Protection Controls
RedEye complies with the European General Data Protection Regulation (GDPR).
Data Sovereignty and Backups
Maintaining control over where data is located for both production and backups is critical for RedEye clients.
RedEye uses the AWS S3 service to store clients’ file data, which is hosted in an AWS region agreed to by the client. To provide protection against failures in AWS S3, files are backed up into Azure in a data centre in the same country but a different location.
The frequency with which backups are performed depends on the SLAs agreed upon by the client.
In addition to off-site backups, RedEye uses the S3 Versioning feature, which keeps versions of all files so that any malicious or accidental deletion or modification of files can be reverted. All data stored in AWS and Azure is encrypted at rest.
In order for RedEye to maintain its agreed SLAs, Disaster Recovery Rehearsals are performed by the Operations Team on a monthly basis to ensure that all automation scripts are functional and procedures work in the event of a disaster.
Security by Design
Creating a stable, reliable, and secure platform depends on how well the underlying infrastructure is designed, built, and maintained. In order to scale and recover from disasters, RedEye’s cloud infrastructure is built from the ground up using automated configuration and deployment.
The platform is built upon Apache Mesos, and all application services are deployed using containers. This provides a resilient and scalable foundation for our solutions and a very high level of availability for critical systems.
To keep systems secure, all infrastructure is privately addressed. Systems can be reached only through AWS Application Load Balancers, which are protected with WAF rules and AWS Shield and permit only TLS 1.2 encryption.
Host Intrusion Detection Software is deployed across all servers to ensure Operations detect any malicious access attempts.