Your security is our highest priority

Rest easy. Your data is safe with us.

We know that the security of your data is of the utmost importance. That’s why we implement best practice and industry standard controls to ensure the safety of your information.

Security certification

HowToo is proud to be ISO/IEC 27001 certified as a commitment to our clients, vendors and partners.

ISO 27001 is an international standard for the best practice implementation of an Information Security Management System (ISMS).

As one of the most complete security guidelines in existence, ISO 27001 ensures that certified organisations can be trusted for their management of top-tier information security systems and data privacy. Because HowToo is an ISO 27001-certified business, you can have confidence that we have prioritised information security and the handling of sensitive data across all our practices.

Even better, HowToo is voluntarily audited annually by CyberUnlocked to verify our effectiveness and compliance with this exceptionally high standard.

Further Information

Data storage

HowToo’s applications and your data are securely stored on locally-based servers provided by Amazon Web Services (AWS). AWS is the industry leader for providing secure, cloud-based computing.

With more security standards and compliance certifications than any other offering, AWS maintains the highest quality of physical, environmental, access and business continuity controls.

We employ AWS’s Australian data centers in the Sydney region so that your organisation can easily satisfy internal requirements.

Customer data is stored and processed on segregated databases with individual authentication.

The HowToo team follows strict on-site security measures to protect our office-based assets, including key card access, locks, visitor authorisation, security feeds and best-practice processes.

Encryption

Data handled by HowToo is encrypted in transit and at rest via the AWS Key Management Service (KMS). HowToo employs SHA-256 encryption and authentication protocols, with keys rotated regularly and private keys kept in an encrypted drive. All encryption keys are created, revoked and destroyed according to our documented key management process.

Business continuity

HowToo maintains comprehensive Business Continuity Management and Incident Management Process documentation that is regularly reviewed and tested by our team.

Account security

We provide SSO options for users and enterprises to secure their accounts.

Data access

HowToo’s comprehensive, ISO 27001 accredited access control policy ensures that your data is rarely accessed. Strict, role-based user access is employed and managed via the AWS IAM Manager. Access logs are retained for 12 months and regularly audited. Access is conducted directly via trusted IPs.

HowToo is dedicated to the privacy of our customers’ data, and all business is conducted with adherence to the Australian Privacy Act (1988) and privacy principles.

Security awareness

The entire HowToo team has been trained in information security practices according to their roles and in compliance with our ISO 27001 certification. Our comprehensive, ISO 27001-certified information security and privacy policies are shared with and made available to all employees and contractors with access to HowToo.

Code testing and updates

HowToo exhaustively tests all software releases for security vulnerabilities prior to new releases in compliance with our ISO 27001 certification. Patch management is conducted weekly, as is vulnerability testing by external agency Qualys. Penetration testing is conducted regularly.

HowToo follows a formally implemented and documented Change Management Process at all times. Production/Service data is never used during product development, with strictly segregated development and staging environments employed. All updates are thoroughly reviewed by our team and our Quality Analyst using Jenkins CI/CD prior to release.

In-app permissions

Users can be assigned different roles to administer, manage, design or access content.