Get your copy of the 2023 Gartner® Hype CycleTM for Digital Commerce Report.

Security

We take data security seriously. Our dedicated security team follows industry best practices and has adopted controls such as SAML SSO, Encryption, Multi-Factor Authentication, Cloud Security to keep our customers’ data secure.

Marketplacer Security

Our approach to security operations and best practices

Secure software development

Security practices are applied at every phase of the software development life cycle:

  • Security requirements are gathered at the early stage.
  • Design phase identifies security risks via Threat Modelling, Attack Surface Analysis. Controls for input validation included.
  • The development phase relies on frameworks that require the use of secure coding practices. 
  • Code is tested by someone who did not develop the source code. Automated security tests are also performed for working as expected verification.
  • All security vulnerabilities are identified and patched within strict time frames which our security department monitor constantly
 
Operational practices

We maintain a list of our information assets and have adopted industry recommended operational security practices which align to our security certification programs.

Secure Software Development

Applicable international standards

We apply to our product development and our operations environment a set of international standards.

ISO 27001:2013

ISO 27001:2013

We are ISO 27001 certified, this standard sets out the specification for an effective information security management system (ISMS).

SOC2

SOC2 Type II

We are SOC2 Type I certified, this cybersecurity standard defines the criteria for managing customer data.

PCI-DSS

PCI-DSS

Our platform is PCI-DSS SAQ A compliant. Ensuring that our platform integrates with trusted payment providers safely and securely.

marketplace operation

Platform and network security

Penetration tests are part of our continual improvement strategy that helps us to tighten up the security measures.

Penetration tests are conducted periodically to uncover security vulnerabilities our applications. Security vulnerabilities are patched in a timely manner.

We also welcome external security researchers that have discovered a security defect or vulnerability in one of our products or platforms.

We have developed a policy on how to responsibly disclose security defects or vulnerabilities affecting Marketplacer products and services which can be found in our responsible disclosure policy.

We have adopted safeguards to reduce the vulnerability of our information systems and to help protect our customers’ data. However, we understand that security incidents can still happen.

We have developed a Security Incident Response Procedure to handle security incidents to minimise an incident duration and negative impact.

The procedure enables our Security Incident and Response team to implement appropriate action to contain, eradicate and recover from an incident. It also outlines the notification process to our customers.

The procedure goes under periodic tests to ensure that any gaps are closed and continual improvement is made.

Partners list

We have partnered with industry leaders to enhance our platform and protect our customers’ data. See complete Global Sub-processor List

snowflake
cloudflare

Availability and continuity

Business continuity plan

Resilience of the platform and availability is a top priority. We acknowledge that disruptions can occur unexpectedly by failures of IT systems or more widespread disasters (e.g. natural disasters, fire, pandemics, terrorism, etc.).

We have established a Business Continuity Management (BCP) Policy & Plan to minimise the impact of disruptions through the development of recovery plans to ensure the timely resumption of essential operations. The BCP plan is tested yearly with our established recovery team to ensure we are prepared in the event we need to action the plan.

Disaster recovery

We have a Disaster Recovery (DR) Plan for reestablishing the operations of Markeplacer’s platform during an unexpected major event. Our Operations Team can respond to disasters or emergencies and minimise the impact on the platform operations.

The DR plan goes under periodic testing to ensure gaps are addressed promptly and to keep improving. We have DR failover in the same AWS regions if we need to failover to the next closest availability zone, so data stays in Australia, US or EU.

Security in our products

Our platform has antivirus protection which also provides us with an extensive visibility for endpoint detection and response (EDR) purposes.

To prevent tampering and maintain the confidentiality of data, all data is encrypted using industry-standard cryptographic algorithms and protocols such as AES-256 and TLS 1.2.

Our platform integrates with your SAML SSO provider to unify your team’s authentication and ensure your security monitoring has visibility into when and how your team is accessing the platform.

Customised user access roles and permissions allows you to assign who can access your Marketplacer instance and which of its components.

Report a vulnerability

We value the security researcher community. Our Responsible Disclosure Policy provides guidelines on how to report a security vulnerability or bug affecting Marketplacer products and services.

 

Cybersecurity framework

We have adopted the NIST Cybersecurity Framework for improving our cybersecurity activities and achieving our cybersecurity objectives.

How to win with a marketplace strategy

We have developed a Security Management Program based on these recognised industry standards and regulations: ISO 27001, SOC2, PCI-DSS and GDPR. Our security policy and practice go through an extensive review every year. We hold ISO 27001:2013, SOC2 Type I and PCI-DSS certifications.

SOC2 logo

SOC2

Cybersecurity Framework

Cybersecurity Framework