
Trust centre

Security is a priority at Dazychain. See how we protect our customers.


Access control

Assigned roles and groups govern user access to functions within Dazychain. Individual projects are further protected via an access list of allowed ‘collaborators’. All roles are assigned by the organization administrator. An organization can appoint one or more users to an Organization Administrator role.

Users are verified by a login and password pair over a TLS 1.3 encrypted link. Passwords are always encrypted before storing.

Dazychain can configure Single Sign-On (SSO) for an organization, using Security Assertion Markup Language (SAML). Organizations can choose to apply additional two-factor authentication using their own access process.


Application security

Penetration testing

Penetration tests are conducted internally prior to each release of Dazychain. External third-party penetration tests are performed annually.

Vulnerability protection and monitoring

Our application runs on Amazon Web Services (AWS). We utilise AWS Shield, Amazon Inspector, Amazon CloudFront, Amazon GuardDuty and AWS’s Web Application Firewall to monitor, identify and log vulnerabilities for remediation.


Data security

The database, including documents, is encrypted at rest using the AES-256 algorithm. All communications in transit between the application and the database are encrypted using HTTPS with the TLS 1.3 protocol.

Yarris uses cloud services to host our databases and application servers; as such, we have no physical access and no data stored on-premises. The system retains a complete history of access to the system, including each data change on business entities such as matters and deliverables.


Information Security Management System

ISO 27001

Our ISO 27001:2013 controls and wider Information Security Management System (ISMS) are internally and externally audited annually.

 

SOC 2

SOC 2 audits are undertaken annually and we produce SOC 2 reports.

Privacy Act

We comply with the Privacy Act 1988 (Privacy Act) and related Australian privacy and data laws.

Employee security 

All staff undertake police checks before they join the organization and again once every two years. Confidentiality agreements are signed by all employees, third parties and contractors.

During orientation, employees are briefed in detail on the organization’s ISMS policies. The policies are updated frequently and shared with employees, and acceptance is documented.

Security awareness refresher training is undertaken by all employees each year.

 

Security and architecture overview

If you want to learn more, get in touch and we can provide an information pack including a copy of our certifications and how we work with your IT.