Our security practices
Purpose-built for secure verificationOur platform is designed to securely store, verify and share credentials. It is built with robust and well-supported modern technologies, with automated security controls and processes.
Data encryptionYour sensitive data and documents are strongly encrypted, both ‘in transit’ from your device to our servers (using TLS) and ‘at rest’ when stored on our secure servers. We carefully manage encryption keys as per best practice, keeping them entirely separate from the data.
Secure cloud infrastructureWe use Amazon Web Services (AWS) to securely store your data in Sydney, Australia. Our platform and applications also run within the AWS environment, with a system architecture that is designed for high security. We make extensive use of AWS security features.
Ongoing monitoringOur applications, APIs and infrastructure are monitored with automated tools, including logging of data access and changes. We regularly review our architecture and systems with in-house data security experts, and engage independent third parties for penetration testing.
Account securityWe use passwordless authentication for improved account security. When you create an account, and for each subsequent sign-in, we will email you with the option to use a unique one-time link or temporary code to login. This is the latest technology for secure logins and is easier and more robust than traditional passwords. To further enhance your account security, we also offer the option for you to use Multi-factor Authentication (MFA) for your account. Manage your MFA settings here.
Certsy hosts its applications and services with Amazon Web Services (AWS). AWS are compliant with the following standards: SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, FISMA, DIACAP, and FedRAMP, DOD CSM Levels 1-5, PCI DSS Level 1, ISO 9001 / ISO 27001, ITAR, FIPS 140-2, MTCS Level 3. Find out more about AWS Cloud Security.