This security policy governs the processing of data provided by a subscriber in connection with their user license agreement (“Agreement”) or through the use of Metrix services. By using our services, our website, or by signing an Agreement with Metrix, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our sites or software.
Security is integrated into every aspect of Metrix “Software”. Metrix offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and secure hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provides cost-effective security for organizations of all sizes.
This policy outlines the procedures and protocols we use to secure your information within Metrix.
Data Center Security
The Metrix data centre maintains an impressive list of reports, certifications, and independent assessments to ensure complete and ongoing state-of-the-art data centre security. The exact physical location of the data centre that stores Metrix’s data is private.
Additionally, data centres are secured with a variety of physical controls to prevent unauthorized access.
Metrix infrastructure is hosted in a fully redundant, secure VPN environment, with access restricted to operations support staff only. This way we can leverage complete firewall protection, private IP addresses, and other security features.
The whole system on which Metrix runs is behind a firewall and only the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.
We use the same level of encryption as banks and financial institutions. All data is encrypted using SHA256withRSA algorithms, which scramble data in transit.
Your company-specific data inside Metrix “Software” is kept separate through a logical separation at the data tier, based on application-level access permissions and roles you set up in your “Software”.
All Metrix “Software” is encrypted at rest. At-rest encryption means that all our databases, files, and other storages of content have their files encrypted when they’re backed up or otherwise sitting idle. If someone was somehow able to get ahold of a backup of the database, it’d be useless, because they wouldn’t have the key to decrypt it.
Our system is constantly monitored. We get reports in real-time so we can instantly react in case a potential issue arises. All actions taken on production consoles are logged.
We constantly monitor security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We prioritize, resolve, and deploy discovered security issues quickly after discovery. Because we follow Continuous Delivery and Deployment best practices, we can update Cloud Metrix on a daily basis and fix things as soon as we see them.
The most rigorous global security standard is Information Security Management Systems (ISMS).
Email / Document Sharing
Email is a ubiquitous but high-risk communication method, vulnerable to infiltration and hacking. You should never send highly confidential, private or security-related information or documents by email.
Each Metrix application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery. Once client data reaches Metrix, all information is encrypted at rest.
Metrix has been designed to be a highly available solution. Metrix services are split over multiple data centres within Australia. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption. Metrix is not responsible for any delays resulting from server availability.
Metrix is monitored 24 hours a day, 7 days a week, 365 days a year.
Data Breach Notification
Metrix will notify the subscriber without undue delay and in writing on becoming aware of any Data Breach with respect to our client’s data. If a vulnerability is identified or data is available publicly outside of the Metrix software, please contact Metrix immediately via email.
- Terms of Service