Our robust application security model prevents any customer from accessing another customer’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.
Our system is developed to the highest coding standards and software architecture. We use best practices on our development framework and lifecycle. Our codebase undergoes both functional and security reviews on a regular basis to ensure quality remains up to our rigorous standards.
The latest firewall protection, intrusion detection systems, and proprietary security products across all segments of our network, protect the entire Chinsay platform, including your data. We work closely with 3rd party service providers to continuously test the network for security breaches.
Chinsay protects customer data by ensuring that only authorised users can access it using their unique username and password. Users are prevented from choosing weak passwords. An encrypted session ID cookie is used to uniquely identify each user. You can also choose to restrict access to a specified IP range so that access is restricted to designated physical locations or through your organisation's VPN.
As the first level of data protection, customer data is continually backed up to a local disk. Encrypted backups are transmitted to our secured disaster recovery site on a daily basis on a private fibre link between the Microsoft Azure data centres and TelecityGroup. For an additional level of data protection, this private fibre keeps this traffic off the internet.
Chinsay has implemented a disaster recovery plan designed to keep us running during a service interruption from a secondary data centre. The secondary data centre is managed by TelecityGroup and is ISO 27001:2005, ISO 9001:2008, ISO 14001 and PCI DSS certified. Physical access to Chinsay servers is restricted to authorised personnel only. Our servers are protected by the latest security systems using a layered approach to site security and access. Plus, it is manned 24/7.
Monitoring and logging
Chinsay’s service is continually monitored for attempted security violations; our team is notified immediately of any such attempts. Our service generates system logs and audit data, both of which are reviewed to detect any security violations. We implement various 3rd party scanning technologies to monitor the service against any potential threats.
All data is encrypted in transfer and all access to the service is governed by strict password security policies. All passwords are stored in an unreadable hashed/salted format that cannot be reversed back to reveal the original password. Chinsay's products are protected by 256-bit SSL encryption.