A normal part of the customer purchasing process is a rigorous risk assessment, which checks that our technology and information management processes are secure.
Making sure our technology and information management processes are secure is one of our top priorities. If our customers are to learn and act faster through their people's feedback, we know they must feel safe and trust us with their stories. It’s our determined differentiation.
So, at Plaetos Group we're seriously committed to our customers' data privacy and information security.
We are bound by the following commitments:
- We operate a comprehensive ISMS in compliance with ISO140001
- Invitations are only issued to addresses supplied to us by our customers, and invited participants must demonstrate that they are in control of that email account to register
- All Plaetos Group employees are required to use 2FA, and it is provided to all users within the Plaetos platform
- User permissions control which forums and which functions within a forum a user can access.
- We have in-built security mechanisms to help prevent spoofing, hijacking and SQL injection attacks
- DDoS protection, firewall and IP restriction are managed by the Cloudflare service
- Microsoft Azure IP restriction policies are applied
- Data in transit is secured with 256-bit SSL encryption.
- Our virtual CISO service is provided by highly regarded security consultants Fortian
- We work to strict application development standards
- Penetration testing is undertaken by an independent consultancy annually and at major upgrades.
- We are Australian Privacy Principles (APP) compliant
- We work in conformance with the General Data Protection Regulation (GDPR)
- Our Terms of Service preclude us from providing our customers with re-identified participant data.