Security Commitment

StreamlineID takes the privacy and security of our clients’ business data very seriously.

We use and follow industry best practices, including:

• globally recognised ISO 31000 Risk Management Standard;

• security controls based on the ISO 27001 Information Security Management Standard;

• internal security team responsible for management and monitoring of all product suites and related services;

• use of a secured encrypted channel, for all communication, ensuring that the transmission of data between the computer/browser and the StreamlineID product is not compromised;

• compliance with Payment Card Industry Data Security Standard (PCI DSS) for the handling of credit card data; and

• compliance with the Australian and New Zealand privacy laws, including the Australian Privacy Principles (for more details, please visit StreamlineID's Group Privacy Policy here).

Independent testing

StreamlineID engages external security vendors to test our products both during and post-development. The testing uses the Open Web Application Security Project Application Security Verification Standard, which provides:

• application developers and application owners with a yardstick to assess the degree of trust that can be placed in our online products; and

• guidance to our product engineers about building security controls to satisfy application security requirements.

Banking security standards

StreamlineID uses the same security measures required of banks and other financial institutions when transmitting data. The StreamlineID client authorises their data supplier (typically a Government Institution, bank or other financial institution) to provide StreamlineID with identification Document Verification Service, integrated software linkage, direct between the supplier and StreamlineID. StreamlineID complies with PCI DSS which is a security standard set by the major credit card companies, in relation to our identification feature.

World class partners

StreamlineID partners with world class suppliers who provide key infrastructure and services, such as monitoring for suspicious activity, physical security, server and power redundancy, and built-in firewalls:

• Microsoft Azure production platform hosted in Australia

  • For details about Security, Privacy, and Compliance in Microsoft Azure, please visit here.

  • Microsoft Azure audits are performed as per http://azure.microsoft.com/en-us/support/trust-center/compliance/

• Amazon Web Services production platform hosted in Australia

  • For details about Security, Privacy, and Compliance in Amazon Web Services, please visit here.

  • Amazon Web Services audits are performed as per https://aws.amazon.com/compliance/

Read the StreamlineID Group Privacy statement.

​

To report a security vulnerability, please email security@streamlineid.com.au