Infrastructure
Network Segmentation | We implement network segmentation to isolate sensitive systems and data from general user access networks. |
Virtual Private Cloud (VPC) | All our servers are hosted within a dedicated Virtual Private Cloud (VPC), protected by network Access Control Lists (ACLs) that block unauthorised requests from reaching our internal network. |
Auto-Scaling | Our infrastructure dynamically scales to ensure high availability and effective handling of varying demand. |
Backups and Monitoring | We generate audit logs for all activities and integrate them with monitoring tools for real-time analysis. Logs are archived securely in the cloud for long-term storage, with no public access. Critical and fatal alerts are automatically triggered and sent to the support team to ensure prompt escalation and resolution of issues. |
Disaster Recovery | Our infrastructure and data are distributed across multiple availability zones, ensuring continued operation even in the event of a data centre failure. |
Encryption | Cuspy is fully served over HTTPS, ensuring secure communication. All data transmitted to and from Cuspy is encrypted in transit using 256-bit encryption. Additionally, data at rest is protected with industry-standard AES-256 encryption. |
Least Privilege | Security Groups for our infrastructure are regularly reviewed and baselined to ensure adherence to the principle of least privilege. Similarly, IAM roles assigned to inter-comrades for the production environment are consistently baselined to uphold least privilege. |
Organisational Security
Security Awareness Training | All employees are required to complete mandatory security awareness training annually. Additionally, individuals in higher-risk roles receive specialised training tailored to their role and associated risks on an annual basis. |
Endpoint Protection | Employee devices are equipped with Endpoint Protection (EPP), and procedures are implemented to prevent infected machines from accessing internal systems. |
Endpoint Encryption | Employee devices are encrypted to safeguard data in the event of loss or theft. Additionally, devices can be remotely locked and wiped if they are compromised or lost. |
Employee Confidentiality | Confidentiality agreements are included in all employee contracts. |
Authentication | Employee system access is secured through strong passwords and Multi-Factor Authentication (MFA). We enforce an internal password policy and utilise a password management system to ensure access credentials remain protected and are not exposed. |
Clean Desk Policy | We maintain a clean desk policy to ensure sensitive data is not left exposed, minimising the risk of unauthorised access or data breaches. Additionally, devices are configured to automatically log out after periods of inactivity. |
Data and Privacy
Encryption at Rest | Data at rest is securely encrypted using the industry-standard AES-256 encryption algorithm. |
Data Location | Australia |
Privacy Policy & Terms of Service | Cuspy has a dedicated Privacy Policy and Terms of Service. |