Applicable International Standards
We apply a set of international standards to our product development and our operations environment.
ISO 27001:2013
We are ISO 27001 certified. This standard sets out the specification for an effective information security management system (ISMS).

SOC2
We are SOC2 Type I certified. This cybersecurity standard defines the criteria for managing customer data.

PCI-DSS
Our platform is PCI-DSS SAQ A compliant, ensuring that our platform integrates with trusted payment providers safely and securely.
Platform and network security
Security Testing
Penetration tests are part of our continual improvement strategy and help us tighten our security measures.
Penetration tests are conducted periodically to uncover security vulnerabilities in our applications. Security vulnerabilities are patched in a timely manner.
We also welcome external security researchers who have discovered a security defect or vulnerability in one of our products or platforms.
We have developed a policy on how to responsibly disclose security defects or vulnerabilities affecting Marketplacer products and services which can be found in our responsible disclosure policy.
Security Incident & Response management
We have adopted safeguards to reduce the vulnerability of our information systems and to help protect our customers’ data. However, we understand that security incidents can still happen.
We have developed a Security Incident Response Procedure to handle security incidents and to minimise an incident's duration and negative impact.
The procedure enables our Security Incident and Response team to implement appropriate action to contain, eradicate and recover from an incident. It also outlines the notification process to our customers.
The procedure undergoes periodic tests to ensure that any gaps are closed and continual improvement is made.
Partners list
We have partnered with industry leaders to enhance our platform and protect our customers’ data.
See complete Global Sub-processor List



Availability and continuity
Business Continuity Plan
Resilience of the platform and availability is a top priority. We acknowledge that disruptions can occur unexpectedly by failures of IT systems or more widespread disasters (e.g. natural disasters, fire, pandemics, terrorism, etc.).
We have established a Business Continuity Management (BCP) Policy & Plan to minimise the impact of disruptions through the development of recovery plans to ensure the timely resumption of essential operations. The BCP plan is tested yearly with our established recovery team to ensure we are prepared in the event we need to action the plan.
Disaster Recovery
We have a Disaster Recovery (DR) Plan for reestablishing the operations of Marketplacer’s platform during an unexpected major event. Our Operations Team can respond to disasters or emergencies and minimise the impact on the platform operations.
The DR plan undergoes periodic testing to ensure gaps are addressed promptly and to keep improving. We have DR failover within the same AWS regions, so if we need to fail over to the next closest availability zone, data stays in Australia, the US or the EU.
Report a vulnerability
We value the security researcher community. Our Responsible Disclosure Policy provides guidelines on how to report a security vulnerability or bug affecting Marketplacer products and services.
Cybersecurity Framework
We have adopted the NIST Cybersecurity Framework for improving our cybersecurity activities and achieving our cybersecurity objectives.
