Data security in transit
All data transactions between your clients, referral partners and teams occur over a
secure transit layer (SSL). Login and registration information, documents and
signatures are all secured. No information is retained on user browsers, as we do
not use such things as cookies or save login information.
All transitions across our data centre occur over a secure channel, and access to
our data centre (for maintenance and upgrades) is restricted to physical access at
our head office in Melbourne.
Data security at rest
All your documents and files encrypted at rest within using AES-256 technology. File
access is restricted via private keys, only to authorised users (as per your
internal security setup, see Access Control).
Our data centres utilise state-of-the-art digital surveillance and security
equipment to prevent unauthorised access. We have a multi-layered access system,
utilising Biometric access points, proximity card readers, 24-hour on-site security
controls, integrated Building Management, Security and CCTV systems and perimeter
Where is your data stored?
Your data is stored on two separate Australian-based data centres: One data centre
stores relational data, such as clients base and file metadata, the other retains
documents and files. For anyone to retrieve any meaningful information, they would
have to breach both data centres. Data centre certificates: Quality ISO 27001,
Environment ISO 14001, Health & Safety 18001, Information Security 27001 (all
approved by SIA Global)
All data and meta-data is backed up at a secondary data centre. Your documents are
also backed up in 'deep rest' data storage for at least 18 months, even after
Access control within a FACTS Online account ensures information is only available to authorised users:
Client information is contained within a client account, family and business
groups. It means client data can be shared with other authorised clients within
a group to prevent accidental data leaks within your client base.
Referral partners authorised access on a per-client basis with optional
timeframe and project limits.
Team members may be allocated to specific client segments or groups at the
All interactions of clients, referral partners and team users are recorded in a
granular level audit trail. This tool can be used to track down 'human-factored'
data breaches. This tool is available to primary account holders or team users with
full access permissions.
FACTS Online enforce high password strength for all users. The minimal requirements for passwords are:
- 8 characters
- Upper-case and Lower-case letters
- Must contain a number or special character
- Must be a non-common password (Checked with 100,000 common web passwords)
FACTS Online digital signatures are issued and backed by Global Sign GMO Internet Group (www.globalsign.com). Signature certificates are retrieved on demand from Global Sign servers and ensure a full paper trail of electronic signature.
Certificates are fully compliant with ESIGN and eIDAS regulations.
Key features of FACTS Online digital signatures:
- Signature authenticated by email, username, password, IP address and browser location API.
- Signatures timestamp retrieved via a third-party service. It ensures signature time recorded in isolation from FACTS Online and Global Sign infrastructure.
- Certificates are generated and retrieved on demand from Global Sign servers.
- Multiple signatures are built into PDF files to provide a digital paper trail. Users and auditors may review the digital paper trail using Adobe PDF Reader signature panel (Read more about validating digital signatures at Adobe PDF reader).
- FACTS Online Vault retains all document versions and digital signature workflow phases. Business users may view and download version files from file list -> More window -> Versions.
Data security is a joint effort between FACTS Online, clients, referral partners and your team users. We continually invest to improve our data security, however hackers are always looking for the weak link in the chain. There are some steps you can take to improve security.
Tips for local data security:
- Always sign out from FACTS Online when not in use or at the end of the day.
- Do not use the a password also used in another site.
- Use dedicated password storage applications, such as Last Pass, Keeper or
Password Boss. Do not store passwords in a browser's in-built system.
- Change your password regularly.
- Ensure your internal systems, such as operating systems and virus and spyware
software, are up to date.
- Avoid downloading unauthorised applications.
- Clean-up your downloads and recycle bin folders on a regular basis.
Reporting security concerns
Simply said, data security is our top priority at FACTS Online. While we are
confident in our data security measures, we escalate any security concern to the
highest level. If you have data or security concerns, please report it via any of
the following channels:
1300 161 208
(overseas clients +61 3 9909 7029)
Level 1, 530 Little Collins St
Melbourne VIC 3000