06 September 2023
The platform PACFA uses for our membership database and website, iMIS EMS, has been certified under the International Organisation for Standardisation’s (ISO) global standards for information security management systems.
Advanced Solutions International (ASI), the company that owns iMIS, has had our iMIS version certified against the standard which ‘specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation.’
The standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.
ASI believes that iMIS is the only platform of its kind to have achieved this benchmark, representing the highest standard for information security.
While ASI meets the highest standard of information and data security, it is important that members take their own steps to protect their personal information by not sharing their login and password.
In addition to certification against the international standard, ASI’s protocols for iMIS to safeguard the system include:
- Secure development and testing policies in accordance with Open Web Application Security Project® guidelines
- Conducting quarterly internal web application penetration testing
- Engaging a third party on an annual basis to perform web application penetration testing
- Engaging a third party on an annual basis to perform full penetration testing of every regional production operations environment
- Deploying SentinelOne Managed Detection Response (MDR) antimalware agents on every endpoint in all ASI networks
- Partnering with Critical Start and their global Security Operations Center to continuously monitor the SentinelOne MDR agents
- Reinforcing security protections with Azure Security Center deployed across all app services, SQL Server Databases, key vaults, and container registries in every regional production operations environment
- All Cloud Standard sites are protected behind a Cloudflare Web Application Firewall (WAF) to stop attacks before access is granted to any page on any iMIS website
- Conducting file integrity monitoring with LogRhythm Security Information and Event Management (SIEM), which aggregates all monitored logs.
The policy provides a framework within which the roles and responsibilities of those who manage or use the data and information are defined. The intention of the policy is to ensure access to data is protected from unauthorised use, access and breaches of privacy.
Urban Verified uses multiple stages of security and encryption to ensure that identity and data are verified and have not been tampered with. According to the policy: data ‘shall only be collected from Applicants who are completing a Nationally Coordinated Criminal History Check (NCCHC) via the secure online portal or via secure email from the applicant. The Applicant will have full access to their data during the retention of the NCCHC information.’
Urban Verified's data retention policy mandates that all data is stored for a set period of time. Specific timeframes for individual data sources are detailed within specific license agreements; for example, a nationally coordinated criminal history check application is kept securely for a minimum of 12 months but retained no longer than 15 months.