Security

World-class infrastructure for a mission-critical service

  • You own and control your data. We use your data only to provide the services we have agreed upon and don't mine it for marketing or advertising.
  • We selected Microsoft Azure for the cloud infrastructure.
  • Low latency. All API endpoints and services are located in the regions closest to the customer.
  • Independent multi-tenant. Each customer's data is isolated from that of other customers.
  • Meets a broad set of international and industry-specific compliance standards, such as ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards like Australia IRAP, UK G-Cloud, and Singapore MTCS.

Data Encryption In Transit and At Rest

DIMDATA supports the latest recommended secure cipher suites and protocols to encrypt data in transit. Customer data is encrypted at rest.

We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong. This is one reason that we drop support for older browsers aggressively.

Data center security

DIMDATA and your data are hosted on Microsoft Azure, a global leader in Infrastructure as a Service (IaaS). Microsoft Azure takes physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.

Microsoft Azure maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the Microsoft Azure Compliance website and you can read more about the specifics of their approach at https://www.microsoft.com/en-us/TrustCenter/Compliance/default.aspx

Access control

You choose who to invite to your DIMDATA account and the permissions they have. Our team does not have access to log in to your account. On rare occasions, it may be that we can better assist in investigating a problem you are having with DIMDATA if we can access some part of your data in readable form. We would always ask your permission before taking this action, and the process requires authorization and co-ordination across multiple personnel and security layers internally.

Backup and availability

Our systems automatically replicate your data across multiple locations in real-time to maximize availability. Data is also constantly backed up to ensure we can restore access to your data and the service in the unlikely event that the data replicas in all locations fail at once. Our monitoring alerts us to any trouble and we have staff on-call at all times to quickly resolve unexpected incidents.

Payment card data

We maintain PCI-DSS certification for payment collection. We do not store credit cards on our systems.

Internal controls

Keeping systems safe is part of our daily life here at DIMDATA. We have strict internal policies and processes to keep our team and their kit safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.

Updates and external review

We update DIMDATA most days, and because you access DIMDATA via your browser, you're always on the latest version. We monitor security advisories and other security community output closely. We work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered. We work with certified independent specialists on a regular basis to undertake systems penetration testing and source code reviews.

Concerns or want to contact us?

For concerns that are urgent or sensitive, please email us at our sensitive support channel, support@dimdata.com, so that they can be handled promptly by our security team.