We know that the security of your data is of the utmost importance. That’s why we implement best-practice and industry-standard controls to ensure the safety of your information.
ISO 27001 is an international standard for the best practice implementation of an Information Security Management System (ISMS).
As one of the most complete security guidelines in existence, ISO 27001 ensures that certified organisations can be trusted for their management of top-tier information security systems and data privacy. Because HowToo is an ISO 27001-certified business, you can have confidence that we have prioritised information security and the handling of sensitive data across all our practices.
Even better, HowToo is voluntarily audited by AQCS Consulting at 6-monthly intervals to verify our effectiveness and compliance with this exceptionally high standard.
HowToo’s applications and your data are securely stored on locally based servers provided by Amazon Web Services (AWS). AWS is the industry leader for providing secure, cloud-based computing.
With more security standards and compliance certifications than any other offering, AWS maintains the highest quality of physical, environmental, access and business continuity controls.
We employ AWS’s Australian data centers in the Sydney region so that your organisation can easily satisfy internal requirements.
Customer data is stored and processed on segregated databases with individual authentication.
The HowToo team follows strict on-site security measures to protect our office-based assets, including key card access, locks, visitor authorisation, security feeds and best-practice processes.
Data handled by HowToo is encrypted in transit and at rest via the AWS Key Management Service (KMS). HowToo employs SHA-256 encryption and authentication protocols, with keys rotated regularly and private keys kept in an encrypted drive. All encryption keys are created, revoked and destroyed according to our documented key management process.
HowToo maintains comprehensive Business Continuity Management and Incident Management Process documentation that is regularly reviewed and tested by our team.
HowToo’s comprehensive, ISO 27001-accredited access control policy ensures that your data is rarely accessed. Strict, role-based user access is employed and managed via the AWS IAM Manager. Access logs are retained for 12 months and regularly audited. Access is conducted directly via trusted IPs.
HowToo is dedicated to the privacy of our customers’ data, and all business is conducted with adherence to the Australian Privacy Act (1988) and privacy principles.
The entire HowToo team has been trained in information security practices according to their roles and in compliance with our ISO 27001 certification. Our comprehensive, ISO 27001-certified information security and privacy policies are shared with and made available to all employees and contractors with access to HowToo.
HowToo exhaustively tests all software releases for security vulnerabilities prior to new releases in compliance with our ISO 27001 certification. Patch management is conducted weekly, as is vulnerability testing by external agency Qualys. Penetration testing is conducted regularly.
HowToo follows a formally implemented and documented Change Management Process at all times. Production/Service data is never used during product development, with strictly segregated development and staging environments employed. All updates are thoroughly reviewed by our team and our Quality Analyst using Jenkins CI/CD prior to release.