Data Centre Security
We host our systems on AWS who reflect our values around security:
Read about AWS security and compliance
We currently encrypt all data travelling between you and our services with transport layer security (TLS), sometimes referred to as SSL, its predecessor. We ensure that we are not using outdated and vulnerable standards with known attacks (SSL 3.0, for example).
When software vulnerabilities are discovered, the responsible parties fix them and push new releases of that software. We make sure that we are using up-to-date versions of operating systems, kernels, packages and libraries to avoid known vulnerabilities.
We require employees to use two-factor authentication (2FA) whenever possible for the services we use as a business.
Employee access to our systems is granted on a need-to-know basis. This limits the scope of what can be compromised.
Internal security training and policies
Union Works maintains a set of internal security policies that all employees are required to understand and follow. These include strong passwords, full-disk encryption of business computers, email policies, limitations on data use and storage, etc.
Security-minded software development practices
The security that we provide forms the basis of how we create our software. We use industry best practices to create, review, test, deploy and administer our products. Code is stored in version control systems that provide audit history and redundant storage. We review code before it is committed to production. Automated tests help ensure that code behaves as it should, even in abnormal cases.
We run daily backups of production systems to protect against catastrophic loss or human error and these backups are encrypted and stored in a secure cloud based system.