{"id":5439,"date":"2017-07-21T16:31:26","date_gmt":"2017-07-21T06:31:26","guid":{"rendered":"https:\/\/roubler.com\/nz\/security-policy\/"},"modified":"2019-11-03T08:52:14","modified_gmt":"2019-11-02T21:52:14","slug":"security-policy","status":"publish","type":"page","link":"https:\/\/roubler.com\/nz\/security-policy\/","title":{"rendered":"Security Policy"},"content":{"rendered":"\n<div class=\"wp-block-group large-intro-text\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"has-text-align-center has-large-font-size\">At Roubler, we know that our customers rely on us as an important part of their business processes. <\/p>\n\n\n\n<p class=\"has-text-align-center has-large-font-size\">We take this responsibility to our customers very seriously, and the security and reliability of the software, systems and data that make up the Roubler suite of products are our top priority.<\/p>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator has-text-color has-background has-dark-grey-background-color has-dark-grey-color\"\/>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Infrastructure Security<\/b><\/h3>\n\n\n\n<p>The Roubler application is hosted and managed within the Amazon Web Services (AWS) cloud computing infrastructure \u2013 the most secure cloud computing environment available today. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. AWS inherently protects from threats by applying security controls at every layer \u2013 from physical to application \u2013 isolating applications and data, whilst rapidly deploying security updates without service interruption. 
As a result, the Roubler application is afforded all the benefits of being hosted on the AWS infrastructure, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Regular security assessments and compliance auditing<\/li><li>Ongoing penetration testing and vulnerability assessments<\/li><li>Real-time antimalware and antivirus protection for file systems, memory, processes and registry database<\/li><li>Rolling updates and security patching with zero downtime<\/li><li>Environmental safeguards<\/li><li>Network security safeguards<\/li><li>Data security safeguards<\/li><li>System security safeguards<\/li><li>Vulnerability management<\/li><li>Backups<\/li><li>Disaster recovery<\/li><li>Privacy<\/li><li>Restricted access to customer data<\/li><li>Employee screening and policies<\/li><li>Dedicated security staff<\/li><\/ul>\n\n\n\n<p>Additionally, AWS provides certification reports that describe how the AWS Cloud infrastructure meets the requirements of an extensive list of global security standards, allowing Roubler to meet specific government, industry, and company security standards and regulations, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ISO 27001<\/li><li>SOC<\/li><li>PCI Data Security Standard<\/li><li>FedRAMP<\/li><li>Australian Signals Directorate (ASD) Information Security Manual<\/li><li>Singapore Multi-Tier Cloud Security Standard (MTCS SS 584)<\/li><\/ul>\n\n\n\n<p>For more information, please see the <a href=\"https:\/\/aws.amazon.com\/security\/\">AWS Security<\/a> page.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Application Security<\/b><\/h3>\n\n\n\n<p>The Roubler web application adopts the OWASP Top Ten and OWASP Mobile Top Ten as a means of ensuring application code is free from flaws and security vulnerabilities. The OWASP Top Ten is a powerful awareness document for web and mobile application security. The OWASP Top Ten represents a broad consensus about what the most critical web and mobile application security flaws are. 
Project members include a variety of security experts from around the world who have shared their expertise to produce a list of the top ten security vulnerabilities affecting web and mobile applications.<\/p>\n\n\n\n<p>Adopting the OWASP Top Ten ensures Roubler is protected against:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Injection<\/li><li>Broken Authentication and Session Management<\/li><li>Cross-Site Scripting (XSS)<\/li><li>Insecure Direct Object References<\/li><li>Security Misconfiguration<\/li><li>Sensitive Data Exposure<\/li><li>Missing Function Level Access Control<\/li><li>Cross-Site Request Forgery (CSRF)<\/li><li>Using Components with Known Vulnerabilities<\/li><li>Unvalidated Redirects and Forwards<\/li><\/ol>\n\n\n\n<p>Adopting the OWASP Mobile Top Ten ensures Roubler is protected against:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Weak Server Side Controls<\/li><li>Insecure Data Storage<\/li><li>Insufficient Transport Layer Protection<\/li><li>Unintended Data Leakage<\/li><li>Poor Authorisation and Authentication<\/li><li>Broken Cryptography<\/li><li>Client Side Injection<\/li><li>Security Decisions Via Untrusted Inputs<\/li><li>Improper Session Handling<\/li><li>Lack of Binary Protections<\/li><\/ol>\n\n\n\n<p>Additionally, all Roubler technical staff receive OWASP Top 10 training. 
The training takes staff through a practical approach to the following secure coding principles:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Threat Risk Modelling<\/li><li>Handling E-Commerce Payments<\/li><li>Phishing<\/li><li>Web Services<\/li><li>Ajax and Other &#8220;Rich&#8221; Interface Technologies<\/li><li>Authentication<\/li><li>Authorisation<\/li><li>Session Management<\/li><li>Data Validation<\/li><li>Interpreter Injection<\/li><li>Canonicalisation, Locale and Unicode<\/li><li>Error Handling, Auditing and Logging<\/li><li>File System<\/li><li>Distributed Computing<\/li><li>Buffer Overflows<\/li><li>Cryptography<\/li><li>Configuration<\/li><li>Software Quality Assurance<\/li><li>Deployment<\/li><li>Maintenance<\/li><\/ul>\n\n\n\n<p>For more information, please see the <a href=\"https:\/\/www.owasp.org\/\">OWASP<\/a> website.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Payments Security<\/b><\/h3>\n\n\n\n<p>The Roubler application uses the Braintree payments service for the secure transaction and storage of all payments. Braintree focuses on providing a secure environment that goes above and beyond industry security standards and guidelines. Braintree is a validated Level 1 PCI DSS Compliant Service Provider, and is on Visa\u2019s Global Compliant Provider List and MasterCard\u2019s SDP List.<\/p>\n\n\n\n<p>Braintree is certified to PCI Service Provider Level 1, the most stringent level of certification, and actively works to protect against fraudulent charges and monitors suspicious transactions.<\/p>\n\n\n\n<p>For more information, please see the <a href=\"https:\/\/www.braintreepayments.com\/\">Braintree<\/a> website.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Vulnerability Management and Penetration Testing<\/b><\/h3>\n\n\n\n<p>Roubler undergoes monthly vulnerability assessments conducted by Nessus Cloud and biannual penetration testing conducted by HackLabs, with all high and critical vulnerabilities being addressed immediately. 
Nessus is a PCI DSS Approved Scanning Vendor (ASV) and provides cloud-based scanning and detection of web server vulnerabilities, known and unknown web application vulnerabilities, and configuration auditing of the Roubler web application platform. HackLabs is a Security Consulting Company specialising in Penetration Testing.<\/p>\n\n\n\n<p>For more information, please see the <a href=\"http:\/\/www.tenable.com\/products\/nessus\/nessus-cloud\">Nessus Cloud<\/a> and <a href=\"http:\/\/www.hacklabs.com\/\">HackLabs<\/a> pages.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>Secure Access<\/b><\/h3>\n\n\n\n<p>All Roubler employees are equipped with secure laptop computers with encryption and antivirus software centrally installed, configured and managed. Technical staff undergo training on relevant security matters that pertain to their job.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><b>More Information<\/b><\/h3>\n\n\n\n<p>If you have any security concerns or questions, feel free to contact us at <a href=\"mailto:security@roubler.com\" target=\"_top\" rel=\"noopener noreferrer\">security@roubler.com<\/a>.<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>At Roubler, we know that our customers rely on us as an important part of their business processes. &#8230;<\/p>\n","protected":false},"author":13,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"content-type":"","footnotes":""},"class_list":["post-5439","page","type-page","status-publish","hentry"]}