Data security in transit
All data transactions between your clients, referral partners and teams occur over a
secure transit layer (SSL). Login and registration information, documents and
signatures are all secured. No information is retained on user browsers, as we do
not use such things as cookies or save login information.
All transitions across our data centre occur over a secure channel, and access to
our data centre (for maintenance and upgrades) is restricted to physical access at
our head office in Melbourne.
Data security at rest
All your documents and files are encrypted at rest using AES-256 technology. File
access is restricted via private keys, only to authorised users (as per your
internal security setup, see Access Control).
Our data centres utilise state-of-the-art digital surveillance and security
equipment to prevent unauthorised access. We have a multi-layered access system,
utilising Biometric access points, proximity card readers, 24-hour on-site security
controls, integrated Building Management, Security and CCTV systems and perimeter
security controls.
Where is your data stored?
Your data is stored in two separate Australian-based data centres: one data centre
stores relational data, such as client base and file metadata; the other retains
documents and files. For anyone to retrieve any meaningful information, they would
have to breach both data centres. Data centre certificates: Quality ISO 27001,
Environment ISO 14001, Health & Safety 18001, Information Security 27001 (all
approved by SIA Global)
Data Backups
All data and meta-data is backed up at a secondary data centre. Your documents are
also backed up in 'deep rest' data storage for at least 18 months, even after
deletion.
Access control
Access control within a FACTS Online account ensures information is only available to authorised users:
- Client information is contained within a client account, family and business
  groups. It means client data can be shared with other authorised clients within
  a group to prevent accidental data leaks within your client base.
- Referral partners are authorised access on a per-client basis with optional
  timeframe and project limits.
- Team members may be allocated to specific client segments or groups at the
  administrator level.
Audit Trail
All interactions of clients, referral partners and team users are recorded in a
granular level audit trail. This tool can be used to track down 'human-factored'
data breaches. This tool is available to primary account holders or team users with
full access permissions.
Password strength
FACTS Online enforces high password strength for all users. The minimum requirements for passwords are:
- 8 characters
- Upper-case and Lower-case letters
- Must contain a number or special character
- Must be a non-common password (Checked with 100,000 common web passwords)
Digital Signature
FACTS Online digital signatures are issued and backed by Global Sign GMO Internet Group (www.globalsign.com). Signature certificates are retrieved on demand from Global Sign servers and ensure a full paper trail of electronic signature.
Certificates are fully compliant with ESIGN and eIDAS regulations.
Key features of FACTS Online digital signatures:
- Signature authenticated by email, username, password, IP address and browser location API.
- Signature timestamps are retrieved via a third-party service. This ensures the signature time is recorded in isolation from FACTS Online and Global Sign infrastructure.
- Certificates are generated and retrieved on demand from Global Sign servers.
- Multiple signatures are built into PDF files to provide a digital paper trail. Users and auditors may review the digital paper trail using Adobe PDF Reader signature panel (Read more about validating digital signatures at Adobe PDF reader).
- FACTS Online Vault retains all document versions and digital signature workflow phases. Business users may view and download version files from file list -> More window -> Versions.
Your responsibility
Data security is a joint effort between FACTS Online, clients, referral partners and your team users. We continually invest to improve our data security; however, hackers are always looking for the weak link in the chain. There are some steps you can take to improve security.
Tips for local data security:
- Always sign out from FACTS Online when not in use or at the end of the day.
- Do not use a password that is also used on another site.
- Use dedicated password storage applications, such as Last Pass, Keeper or
Password Boss. Do not store passwords in a browser's in-built system.
- Change your password regularly.
- Ensure your internal systems, such as operating systems and virus and spyware
software, are up to date.
- Avoid downloading unauthorised applications.
- Clean up your downloads and recycle bin folders on a regular basis.
Reporting security concerns
Simply said, data security is our top priority at FACTS Online. While we are
confident in our data security measures, we escalate any security concern to the
highest level. If you have data or security concerns, please report them via any of
the following channels:
info@factsonline.com.au
1300 161 208
(overseas clients +61 3 9909 7029)