A top priority for DDSN is the security of our customers' information. This is why we have provided this trust page for your information.
DDSN
DDSN Interactive manages the virtual servers that run your applications, and we manage a connected development/staging platform. We also develop and/or manage/support the web applications for some customers. Specifics of your individual services can be found on your project dashboard.
Certification
DDSN is in the process of becoming accredited for ISO 27001 and SOC2 Type II compliance. Let us know if there is another certification that you believe DDSN should acquire.
Insurance
WorkCover Insurance
Professional Indemnity Insurance
Public & Products Liability Insurance
DDSN is in the process of obtaining cybersecurity insurance - expected from March 2025
Hosting
For our production hosting services, DDSN.net Hosting uses hardware, a core network, and a hypervisor that are managed by Nexon.
DDSN operates an MS Azure tenant for internal business use.
Nexon manages the hypervisor (in this case VMware) and core network behind the DDSN.net private production cloud, which is physically located in Sydney.
DDSN's development/staging equipment is also co-located with Nexon's equipment in Melbourne, so that it's all behind the same centrally managed border firewall and only accessible by Nexon or DDSN staff.
All of the hosting hardware is located in Equinix data centres, comprising
SY1 in Sydney (the production hosting cloud) and
ME1 in Melbourne (where our development/staging hardware resides). The Equinix relationship is managed by Nexon, though we have managed access rights to our development/staging hardware in ME1.
For a standard list of certifications for where our hardware is located, see these links:
Processes and Policies
Australian Privacy Act 1988
Read DDSN's full Privacy Management Plan
Cookies
We can use cookies to identify your computer, and information like this from you and users like you helps us analyze traffic patterns on our site and can help us provide you with a better experience by improving content and making the site easier to use. For more details please see our privacy statement.
Data Access
Our data access approach adheres to the principles of least privilege and need-to-know, ensuring that only a specific and authorized group of individuals has access to production data. By strictly limiting access rights to the minimum necessary for job functions, we minimize the risk of unauthorized data exposure or misuse.
Data Backups
All servers are backed up with weekly archives and nightly snapshots. DDSN receives a report daily on the outcome of this process.
Data Breach Notifications
DDSN developed a communication plan that specifies who needs to be notified internally and externally, including data protection authorities, affected individuals, and other relevant stakeholders.
Data Erasure
Data is stored on virtual machines within the DDSN.net hosting infrastructure. DDSN is able to complete secure deletion of customer data on request and also on contract termination.
Employee Privacy Training
Employees and contractors who process personal data must comply with the requirements of the Data Protection Policy. DDSN employees and contractors must ensure that:
- all personal data is kept & transferred securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
- they attend data privacy training at least annually and record attendance on a company register;
- any queries regarding data protection, including subject access requests and complaints, are promptly directed to the CEO.
Encryption in Transit
Software deployed by DDSN uses the Transport Layer Security (TLS) protocol to protect data when it’s traveling between the cloud services and customers. TLS provides strong authentication, message privacy, and integrity (enabling detection of message tampering, interception, and forgery), interoperability, algorithm flexibility, and ease of deployment and use.
Encryption at Rest
Encryption at rest is available to clients by request for an additional fee. Ask us to implement encryption of your database at rest.
Multi-Factor Authentication (MFA)
Staff members must utilise multi-factor authentication (MFA) when accessing essential systems.
Penetration Testing
We conduct regular penetration tests. We also assist customers to run external penetration tests on their hosted applications.
As a matter of policy, partly since we operate a managed hosting service that is shared by multiple clients, we do not share penetration test reports.
Please note, for third-party developed software:
- We consider it outside the scope of our hosting service to pen test applications that we didn't develop or otherwise don't actively support; this is a client responsibility.
- We'll enthusiastically support (in fact encourage) a pen test of your website application. We can put you in touch with a vendor (ideally they should be independent from us). We could arrange and manage a pen test of your application using our own tools and provide a report, but we think it's better for that process to be independent.
Physical Security
Servers hosting your systems are only accessible by named Nexon or DDSN staff.
Role Based Access Control
Access to the DDSN Customer Portal is restricted to individuals with user accounts associated with unique email addresses using role-based access controls. RBAC uses the group function within Acora to define user roles and privileges. Individuals are associated with groups based on their software usage, employer and hosting or service contracts.
Software Development Lifecycle
Kentico implemented security into the agile development lifecycle. Security practices are embedded at every stage of the software development process. This includes conducting regular security reviews and leveraging automated security testing tools within our iterative Agile cycles. By prioritizing security alongside feature development, we ensure that our software not only meets user requirements but also adheres to robust security standards. This achievement underscores our commitment to delivering resilient and secure products to our users.
Xperience by Kentico
Kentico has its own trust centre that we would refer you to.
https://trust.kentico.com/