Salestrekker team is committed to taking care of any data entered in our application or stored on our servers.

Our measures can be summarised as follows:

  1. Application design and system architecture

  2. Security monitoring and scanning

  3. Management processes and accreditations

1. Application design and system architecture

2. Security monitoring and scanning

  • Fail 2 ban scanning actively monitors log files blocking access to all suspicious connections.

  • A dedicated Qualys Vulnerability Management and Web Application Scanning server is continuously scanning all Salestrekker servers and monitoring application and architecture security.

  • Utilising Qualys, we perform regular system scans to establish compliance with various standards, such as PCI DSS and APRA's CPG 234 (Note: we are not currently certified under PCI DSS or CPG234 standards).

  • We undertake annual independent penetration tests to ensure a third party checks of our application and architecture security.

3. Management processes and accreditations

  • Salestrekker has an Information Security Management System in place, comprising of policy, procedures, risk management, training, system monitoring, incident management and continuous improvement management processes.

  • We have obtained SOC2 Type II and are in the final steps of obtaining SOC2 Type II accreditation that will certify our existing management practices and monitor their upkeep.

  • We are committed to obtain other industry relevant security certifications in the future (e.g. PCI DSS).

  • Our data security and management processes are regularly audited by APRA regulated banks.

Our Privacy Policy deals with other aspects of data handling.

Did this answer your question?