MessageMedia hosts our core web portal platform on infrastructure provided by Amazon Web Services (AWS). We build on Amazon to ensure our infrastructure is compliant with a number of requirements including ISO 27001, HIPAA and SOC2. A full list of compliance standards is available in the AWS Security and Compliance Whitepaper.
MessageMedia hosts other customer data in online platforms that are compliant with other relevant standards, with ISO27001 for all platforms and with PCI-DSS accreditation for our billing platforms.
Other security controls for MessageMedia Platform and Support Services are assessed and implemented as part of our Security Program which is aligned with ISO27001. We can provide additional detail on request.
Highly available and redundant platform running in AWS in active-active configuration across three availability zones
Low-latency messaging API offering sub-100-millisecond response times and 99.95% uptime
Messaging gateway offering processing of 95% of messages within 2 seconds
Redundant connections to major telecommunication networks (in AU) at all layers of the stack (application, data centre, geography, providers)
Highly scalable platform allowing for large, high-volume sending
Message prioritisation capabilities to ensure high priority messages are delivered even when large volume sending is occurring
Data connections between customers and MessageMedia can be protected with TLS 1.2 using AES ciphers. This encryption, when configured correctly by customers, is equivalent in strength to the recommendations provided by the Australian Government Information Security Manual and aligns with the stringent requirements of a number of other government and industry standards.
Customer data transfers within MessageMedia are protected by segregated networks or Virtual Private Networks. Where MessageMedia Group (MMG) access is required, this is strictly limited only to necessary staff.
Sensitive Data, including Customer Data, is encrypted at rest using AES encryption.
MessageMedia networks are segregated from normal corporate networks at the internet, either physically or by using Virtual Private Networks or cloud-based networks. Access to these networks is secured using firewalls and network configuration to limit access to what is required. Where MMG access is required, this is limited only to necessary staff.
Security events and other logs from our platforms are recorded and monitored in accordance with industry practices.
Security Incidents are managed according to our internal Security Incident Response plan, which is compliant with Australian Privacy Act requirements, including in connection with the mandatory data breach notification scheme.
Customer access (authentication and authorisation) provides discrete control over which accounts have access to customer accounts, including:
Individual Customer Accounts for each user to improve authentication
The ability to manage your own API keys for programmatic connectivity in our MessageMedia Web Portal
For MessageMedia staff access, we use:
A single corporate staff directory supporting role-based access control
Multi-factor authentication (MFA) for all staff access, including re-authentication for Privileged User Access.
MessageMedia builds its integrations with other ecosystems (including Shopify, HubSpot and NetSuite integrations) securely. MessageMedia cannot secure the customer installations or configurations of these ecosystems, including access control, auditing of ecosystem functions, infrastructure security or other compliance requirements. Where we have control of integration configuration, we will ensure that Data in Transit is encrypted appropriately according to the guidance above.
This Security Statement applies to users of our MessageMedia web portal and REST API. Different security protocols apply to MessageMedia Manager web portal and users of our SOAP API.