Privacy
Privacy is key to all the work done with POLAR. We are entrusted with a range of data and it is our responsibility to ensure that any information held is kept both private and secure.
We take a ‘best practice’ approach to privacy which means regular monitoring, updating and evaluating processes and systems. In late 2019 we underwent a third party Privacy Impact Assessment (PIA) using specialist privacy consulting firm, ‘Information Integrity Solutions’.
Our Privacy Management Framework ensures we:
1. Embed a culture of privacy that enables compliance with highest standards;
2. Establish robust and effective privacy processes;
3. Evaluate our privacy processes to ensure we continue improving and
4. Enhance our responses to privacy issues.
Our privacy processes and systems are transparent and communicated to our PHN partners.
The POLAR Privacy Policy can be accessed here.
Physical Security
Our physical infrastructure is co-located in some of the most respected datacenter facilities in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat and impact. Security controls provided by our datacenter facilities include but are not limited to:
- 24/7 Physical security guard services
- Physical entry restrictions to the property and the facility
- Physical entry restrictions to our co-located datacenter within the facility
- Full CCTV coverage externally and internally for the facility
- Biometric readers with two-factor authentication
- Facilities are unmarked as to not draw attention from the outside
- N+1 power redundancy
- N+1 cooling redundancy
- Secure loading zones for delivery of equipment
- Man trap on entry to the datacenter
- Dedicated and lockable racks
The datacenters are physically located in Australia and at a minimum hold the following certifications:
- PCI-DSS
- SOC 1 Type II
- SOC 2 Type II
- ISO 27001
Data Security & Employee Access
We consider any system that collects or holds customer data as highly sensitive. We utilise the Role-Based Access Control (RBAC) access-control mechanism for granting users a minimum set of privileges to perform their function within the business. All access to the POLAR platform is closely monitored and subject to change control mechanisms.
Additionally, hard drives and infrastructure assets are securely erased before being decommissioned or reused to ensure data and privacy remains secure.
Encryption
We employ data encryption across all communication paths, and at rest, ensuring customer data is securely transferred and stored.
Security Monitoring
The security team utilise monitoring and analytics capabilities to identify potentially malicious activity on POLAR infrastructure. User and system behaviors are monitored for suspicious activity, while any investigations performed are supported by incident reporting and response procedures.
Scalability / Redundancy
Network resilience is important and built into core network design. The POLAR private cloud consists of enterprise grade equipment with redundancy incorporated across physical infrastructure that includes:
- Internet services
- Next Generation Firewalls and Layer2/3 network stacks
- Storage systems
- Computing systems
Firewalls
POLAR utilises a mix of Next-Generation Firewalls and Web Application Firewalls that control the ingress and egress traffic traversing the POLAR network. The technologies deployed provide a level of attack detection and prevention that ensures a safer and more reliable network.
Access Logging
Activities on the POLAR network are logged and monitored including all core network and application platforms. POLAR is committed to enhancing its security portfolio and protecting the integrity of the data from any potential compromise or threats.