Compliance and standards
MessageMedia hosts our core web portal platform on infrastructure provided by Amazon Web Services (AWS). We build on Amazon to ensure our infrastructure is compliant with a number of requirements, as AWS is accredited under assurance programs and standards including ISO 27001, HIPAA and SOC2. A full list of compliance standards is available in the AWS Security and Compliance Whitepaper.
MessageMedia hosts other customer data in online platforms that are compliant with other relevant standards, with ISO27001 for all platforms and with PCI-DSS accreditation for our billing platforms.
Other security controls for MessageMedia Platform and Support Services are assessed and implemented as part of our Security Program which is aligned with ISO27001.
Reliability and performance
Security
Data In Transit
Data connections between customers and MessageMedia can be protected with TLS 1.2 using AES ciphers. This encryption, when configured correctly by customers, is equivalent in strength to the recommendations provided by the Australian Government Information Security Manual and aligns with the stringent requirements of a number of other government and industry standards.
Customer data transfers within MessageMedia are protected by segregated networks or Virtual Private Networks. Where MessageMedia Group (MMG) access is required, this is strictly limited to necessary staff.
Data Encryption
Sensitive Data, including Customer Data, is encrypted at rest using AES encryption.
Network protection
MessageMedia networks are segregated from normal corporate networks at the internet, either physically or by using Virtual Private Networks or cloud-based networks. Access to these networks is secured using firewalls and network configuration to limit access to what is required. Where MMG access is required, this is limited to necessary staff.
Security logging, monitoring & response
Security events and other logs from our platforms are recorded and monitored in accordance with industry practices.
Security Incidents are managed according to our internal Security Incident Response plan, which is compliant with Australian Privacy Act requirements, including in connection with the mandatory data breach notification scheme.
Access Control
Customer access (authentication and authorisation) provides discrete control over accounts who have access to customer accounts, including
For MessageMedia staff access, we use:
Data Residency
Please see Section 10 of our Privacy Policy.
Integrations
Ecosystems
MessageMedia builds its integrations with other ecosystems (including Shopify, HubSpot and NetSuite integrations) securely. MessageMedia cannot secure the customer installations of these ecosystems or configurations of these ecosystems, including access control, auditing of ecosystem functions, infrastructure security or other compliance requirements. Where we have control of integration configuration, we will ensure that Data in Transit is encrypted appropriately according to the guidance above.
This Security Statement applies to users of our MessageMedia web portal and REST API. Different security protocols apply to the MessageMedia Manager web portal and to users of our SOAP API.