Applicable International Standards
We apply a set of international standards to our product development and our operations environment.
We are ISO 27001 certified. This standard sets out the specification for an effective information security management system (ISMS).
We are SOC2 Type I certified. This cybersecurity standard defines the criteria for managing customer data.
Our platform is PCI-DSS SAQ A compliant, ensuring that it integrates with trusted payment providers safely and securely.
Platform and network security
Penetration tests are part of our continual improvement strategy and help us tighten our security measures.
Penetration tests are conducted periodically to uncover security vulnerabilities in our applications. Security vulnerabilities are patched in a timely manner.
We also welcome external security researchers who have discovered a security defect or vulnerability in one of our products or platforms.
Our responsible disclosure policy sets out how to responsibly disclose security defects or vulnerabilities affecting Marketplacer products and services.
Security Incident & Response management
We have adopted safeguards to reduce the vulnerability of our information systems and to help protect our customers’ data. However, we understand that security incidents can still happen.
We have developed a Security Incident Response Procedure to handle security incidents and minimise an incident's duration and negative impact.
The procedure enables our Security Incident and Response team to implement appropriate action to contain, eradicate and recover from an incident. It also outlines the notification process to our customers.
The procedure undergoes periodic testing to ensure that any gaps are closed and continual improvement is made.
Availability and continuity
Business Continuity Plan
Platform resilience and availability are a top priority. We acknowledge that disruptions can occur unexpectedly through failures of IT systems or more widespread disasters (e.g. natural disasters, fire, pandemics, terrorism, etc.).
We have established a Business Continuity Management (BCP) Policy & Plan to minimise the impact of disruptions through the development of recovery plans to ensure the timely resumption of essential operations. The BCP plan is tested yearly with our established recovery team to ensure we are prepared in the event we need to action the plan.
We have a Disaster Recovery (DR) Plan for reestablishing the operations of Marketplacer’s platform during an unexpected major event. Our Operations Team can respond to disasters or emergencies and minimise the impact on the platform operations.
The DR plan undergoes periodic testing to ensure gaps are addressed promptly and to keep improving. We have DR failover within the same AWS regions, so if we need to fail over to the next closest availability zone, data stays in Australia, the US or the EU.
Report a vulnerability
We value the security researcher community. Our Responsible Disclosure Policy provides guidelines on how to report a security vulnerability or bug affecting Marketplacer products and services.
We have adopted the NIST Cybersecurity Framework for improving our cybersecurity activities and achieving our cybersecurity objectives.