August 25, 2025

Engagement Hub Security and Compliance Overview

At Engagement Hub, we prioritise the safety, privacy, and integrity of your community’s data. Our platform uses the latest cybersecurity technologies and follows global standards to keep your engagement activities secure, reliable, and accessible.

Compliance and Information Security Management

Information Security Management System (ISMS)

Engagement Hub maintains a comprehensive Information Security Management System (ISMS) to systematically identify, manage, and reduce security risks across our organisation. This ensures all systems and processes run securely and efficiently.


Privacy and Legislative Compliance

Data Privacy Compliance

Engagement Hub complies with relevant privacy legislation in Australia and New Zealand, including:

  • Australian Privacy Act 1988
  • Privacy Regulation 2013
  • Privacy Amendment (Enhancing Privacy Protection) Act
  • New Zealand Privacy Act 2020

We are committed to protecting user data within our infrastructure, application, and governance frameworks.

SPAM Act Compliance

According to the Australian SPAM Act, stakeholders must give explicit consent to receive mass communications from client sites using the Engagement Hub platform.


Network and Hosting Security

Cloud Infrastructure and Data Centre

Engagement Hub is hosted on Amazon Web Services (AWS), using ISO 27001:2022 and SOC-certified infrastructure. Our data centre is located in Sydney, Australia, ensuring data sovereignty and compliance with local data storage laws.

Learn more at the AWS Compliance page or view the ISO certificate here.


Application-Level Security

Continuous Security Monitoring

As part of our ISMS, Engagement Hub employs ongoing processes to secure our application, including:

  • Scheduled and ad hoc penetration testing
  • Real-time software vulnerability scanning
  • Patch management for timely updates

DDoS Protection and Firewalling

  • ConfigServer Security & Firewall is used for DDoS protection.
  • Firewalls restrict access on all ports other than HTTPS (443).
  • AWS Shield offers additional network-level protection.

Penetration Testing and Vulnerability Management

Engagement Hub conducts both manual and automated penetration testing to evaluate application resilience. Automated tools check for:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • PCI compliance
  • General vulnerability identification

Data Protection and Access Control

Data Confidentiality and Integrity

Your data is only accessed by Engagement Hub when you explicitly authorise it. Access is limited to:

  • Site administrators
  • Nominated project administrators

No third-party access is allowed.

Access Control Permissions

  • Site administrators manage the creation and removal of admin accounts.
  • Project administrators can be assigned varying permissions to manage stakeholder access.

User Authentication and Secure Access

Password Security

Passwords are secured by:

  • Enforced complexity requirements
  • One-way hashing (stored in hashed format)
  • No clear-text storage

Single Sign-On (SSO) and Two-Factor Authentication (2FA)

  • Azure ID / Microsoft Entra SSO is available for admin users (additional fee).
  • 2FA can be enforced for administrators and stakeholders by site admins.

HTTPS and Secure Protocols

All access to Engagement Hub is securely handled through HTTPS. We use:

  • TLS 1.3 for encrypted communication
  • SSL certificates, included by default

Encryption Standards

All data is encrypted:

  • In transit
  • At rest
  • In backups

Using standard algorithms:

  • AES-256
  • SHA-2 (256-bit)

Backups and production data are isolated and stored in redundant, private subnets within Sydney, Australia.


System Logging, Monitoring, and Incident Response

Real-Time System Monitoring

Engagement Hub systems are monitored 24/7/365 for unusual activity, covering:

  • Operating system and network infrastructure
  • Load balancing
  • Web servers and databases
  • Firewall and intrusion detection systems

Incident Management

Our Information Security Incident Management Policy ensures effective identification, investigation, and resolution of security incidents. Clients are informed according to our reporting obligations.


Disaster Recovery and Business Continuity

Engagement Hub guarantees 99.99% uptime, with historical performance exceeding this target.

Backup and Restore

  • Daily backups are kept for 7 or 14 days based on support level.
  • Backups are securely stored in Sydney.
  • Procedures are regularly tested as part of our Business Continuity & Disaster Recovery Plan (BCP).

Secure Software Development and Deployment

We follow a Secure Development Policy to ensure all new features are:

  • Developed in isolated environments (development, testing, production)
  • Quality-checked before release
  • Launched in a controlled and secure manner

Accessibility and Device Compatibility

Accessibility Standards

Engagement Hub is fully compliant with WCAG 2.2 Level AA. We also offer the UserWay plugin to improve accessibility for users with additional needs.

Cross-Device Compatibility

The platform is 100% responsive across all devices and is optimised for the latest versions of:

  • Microsoft Edge
  • Google Chrome
  • Mozilla Firefox
  • Safari

Conclusion

At Engagement Hub, we have a strong focus on security, privacy, compliance, and accessibility. Our platform is designed to give you confidence in the security of your online engagement activities, backed by robust infrastructure, ongoing monitoring, and compliance with national and local standards.

For more information, request our Security & Compliance Statement here.
