Compliance and Information Security Management
Information Security Management System (ISMS)
Engagement Hub maintains a comprehensive Information Security Management System (ISMS) to systematically identify, manage, and reduce security risks across our organisation. This ensures all systems and processes run securely and efficiently.
Privacy and Legislative Compliance
Data Privacy Compliance
Engagement Hub complies with relevant privacy legislation in Australia and New Zealand, including:
- Australian Privacy Act 1988
- Privacy Regulation 2013
- Privacy Amendment (Enhancing Privacy Protection) Act
- New Zealand Privacy Act 2020
We are committed to protecting user data within our infrastructure, application, and governance frameworks.
SPAM Act Compliance
According to the Australian SPAM Act, stakeholders must give explicit consent to receive mass communications from client sites using the Engagement Hub platform.
Network and Hosting Security
Cloud Infrastructure and Data Centre
Engagement Hub is hosted on Amazon Web Services (AWS), using ISO 27001:2022 and SOC-certified infrastructure. Our data centre is located in Sydney, Australia, ensuring data sovereignty and compliance with local data storage laws.
Learn more at the AWS Compliance page or view the ISO certificate here.
Application-Level Security
Continuous Security Monitoring
As part of our ISMS, Engagement Hub employs ongoing processes to secure our application, including:
- Scheduled and ad hoc penetration testing
- Real-time software vulnerability scanning
- Patch management for timely updates
DDoS Protection and Firewalling
- ConfigServer Security & Firewall is used for DDoS protection.
- Firewalls limit access to all ports except HTTPS (443).
- AWS Shield offers additional network-level protection.
Penetration Testing and Vulnerability Management
Engagement Hub conducts both manual and automated penetration testing to evaluate application resilience. Automated tools check for:
- SQL Injection
- Cross-Site Scripting (XSS)
- PCI compliance
- General vulnerability identification
Data Protection and Access Control
Data Confidentiality and Integrity
Your data is only accessed by Engagement Hub when you explicitly authorise it. Access is limited to:
- Site administrators
- Nominated project administrators
No third-party access is allowed.
Access Control Permissions
- Site administrators manage the creation and removal of admin accounts.
- Project administrators can be assigned varying permissions to manage stakeholder access.
User Authentication and Secure Access
Password Security
Passwords are secured by:
- Enforced complexity requirements
- One-way hashing (passwords are stored in hashed format)
- No clear-text storage
Single Sign-On (SSO) and Two-Factor Authentication (2FA)
- Azure AD / Microsoft Entra SSO is available for admin users (additional fee).
- 2FA can be enforced for administrators and stakeholders by site admins.
HTTPS and Secure Protocols
All access to Engagement Hub is securely handled through HTTPS. We use:
- TLS 1.3 for encrypted communication
- SSL certificates, included by default
Encryption Standards
All data is encrypted:
- In transit
- At rest
- In backups
Using standard algorithms:
- AES-256
- SHA-2 (256-bit)
Backups and production data are isolated and stored in redundant, private subnets within Sydney, Australia.
System Logging, Monitoring, and Incident Response
Real-Time System Monitoring
Engagement Hub systems are monitored 24/7/365 for unusual activity, covering:
- Operating system and network infrastructure
- Load balancing
- Web servers and databases
- Firewall and intrusion detection systems
Incident Management
Our Information Security Incident Management Policy ensures effective identification, investigation, and resolution of security incidents. Clients are informed according to our reporting obligations.
Disaster Recovery and Business Continuity
Engagement Hub guarantees 99.99% uptime, with historical performance exceeding this target.
Backup and Restore
- Daily backups are kept for 7 or 14 days based on support level.
- Backups are securely stored in Sydney.
- Procedures are regularly tested as part of our Business Continuity & Disaster Recovery Plan (BCP).
Secure Software Development and Deployment
We follow a Secure Development Policy to ensure all new features are:
- Developed in isolated environments (development, testing, production)
- Quality-checked before release
- Launched in a controlled and secure manner
Accessibility and Device Compatibility
Accessibility Standards
Engagement Hub is fully compliant with WCAG 2.2 Level AA. We also offer the UserWay plugin to improve accessibility for users with additional needs.
Cross-Device Compatibility
The platform is 100% responsive across all devices and is optimised for the latest versions of:
- Microsoft Edge
- Google Chrome
- Mozilla Firefox
- Safari
Conclusion
At Engagement Hub, we have a strong focus on security, privacy, compliance, and accessibility. Our platform is designed to give you confidence in the security of your online engagement activities, backed by robust infrastructure, ongoing monitoring, and compliance with national and local standards.
For more information, request our Security & Compliance Statement here.