Visitor and Contractor Management Security

security and privacy

Your trust and data security are our priority

Our focus is on delivering value to our customers through high quality software which is robust, scalable, secure and ready for use 24/7.

We endeavour to protect the privacy of our users and the security of our platform and product suite. Our team are technology purists who believe in strong encryption and tight, robust privacy controls. We believe in our software so much, we use it ourselves.

Single Sign On (SSO)

On our enterprise plans, we support industry best practice SAML 2.0 SSO. SAML is widely supported for use with Google Suite, Salesforce, Microsoft CFS, Microsoft ADFS, CA SiteMinder, and many others. SAML is an ‘open standard’ protocol, allowing best in class security which can be implemented between custom developed systems. Single Sign On is ideal for complex IT environments, where it reduces the administrative effort of setting up accounts and remembering many passwords.

Permissions

Sine offers multiple levels of application permissions in adherence to the principle of minimum privilege. All privileges can be instantly provisioned and revoked at any time through the administrator dashboard. Sine Users can be given differing levels of permissions for specific Sites and Workflows to give you convenience and peace of mind.

Password & Credential Storage

Sine forces users to use strong passwords which are more difficult to guess. Sine never stores your original password; instead we only store a hash which represents your password. Hashes are not reversible to your password. When you try to log in, we calculate the hash of the password you’re trying to log in with. A match means you’ve entered the right password, but we never see or store your actual password.

Uptime

Sine designs and delivers quality software. We pride ourselves on deploying changes to the software with zero downtime - we strive to ensure that our software will always be ready for you no matter what. Occasionally it's not possible for us to meet this objective and we will communicate an outage window to our customers. We publish all incidents that affect availability to our service status page (https://status.sine.co/) even if they only impact a portion of our users or specific situations.

Customer Best Practices

When you talk to the Sine support team, you’re in safe hands. We’ve set up our software for thousands of customers in almost every industry around the world. Our help site has instructions on how to set up integrations and equipment and get the most out of our software.

Data Hosting & Storage

Sine exclusively uses Amazon Web Services for all of our infrastructure requirements. We use a carefully selected set of service providers for specific capabilities, for example Twilio and SendGrid for messaging and email. All of our infrastructure currently resides within the Sydney, Australia region of Amazon Web Services.

Failover & DR

All of our infrastructure is set up in a high availability configuration, which employs high capacity redundancy and load balancing systems to ensure that faults in specific regions do not affect the availability of the service. Our technology stack is designed around horizontal scaling. To this end, we use a fleet of smaller servers and have confidence that no matter the client we’ll have the infrastructure elasticity to grow with the demand. We take advantage of globally distributed content delivery partners to ensure our software is highly performant and resilient to malicious attacks.

Virtual Private Cloud

All of our servers and code are executed and managed within a secure virtual environment. This gives us strong logical and physical controls to protect customer data.

Back Ups & Monitoring

At Sine, we take deep care to understand what’s happening on our servers at the most minute levels - we pick up problems long before they can cause an issue.

Thankfully we’ve never needed our backups, but we are still diligent and regularly test that they are functional and we’re always ready to restore a backup - should that day ever come.

Permissions & Authentication

Sine tightly protects all customer data, source code and other property - we do this by ensuring our security protocols are tight. Sine only grants the permissions necessary for staff to perform their role, and these permissions are regularly audited. Changes to Sine’s software and infrastructure are auditable and all changes must be approved by at least two peers, with higher risk changes requiring sign-off by both the Chief Technology Officer and Director of Engineering. Sine staff are advised to use two factor authentication wherever it’s supported, and it is enforced for our infrastructure, corporate email and other key systems.

Encryption

Sine enforces mandatory encryption on all data in transit: when you connect to our servers, the connection will always be encrypted. Sine uses encryption at multiple layers throughout our technology and infrastructure. The encryption keys are securely stored in Amazon’s Key Management system and are never transmitted out of the AWS infrastructure region.

Penetration Testing & Vulnerability Scanning

At Sine, we do everything we can to ensure our software is secure - but nothing beats an expert independent security assessment to really give confidence. We undertake regular audits and penetration tests to give us, and our customers, confidence in the ongoing security of our platform. We continually test for vulnerabilities, not only in our code but also in all of the libraries and vendor code we use. We use automated testing approaches to ensure our infrastructure remains hardened. We deeply invest in automated and manual testing of our software to ensure that it remains reliable, performant and secure.

Incident Response

We have a documented policy and playbook for how we handle incidents which is clearly communicated to the relevant staff. Sine communicates any service interruptions or degradation via our service status page (https://status.sine.co/).

Policies & Procedures

Sine has developed comprehensive policies and procedures for how staff members are expected to behave and contribute to the ongoing security, privacy and stability of our software. All Sine staff are employed under employment contracts which enforce their obligations. Our staff are checked for their compliance and ongoing certification as part of their daily site check-in.

Training

All Sine staff receive ongoing training within their roles to ensure a high level of competency, as well as mandatory training which covers security and privacy protocols.

Regulatory Obligations

Sine uses Stripe (a credit card payment processor) to handle all credit card information and payments. Stripe is PCI compliant and when you enter your credit card information in the Sine Dashboard, the details are sent directly to Stripe and are never sent to Sine. Sine has undertaken significant steps to ensure that our software is compliant with GDPR regulations.

Where is customer data stored?

All customer data is stored in the Sydney, Australia AWS region.

How do Sine users authenticate to the dashboard?

Sine users can use either username and password or SAML SSO to log in to the Sine Dashboard.

Who else can access customer data?

A limited group of staff within Sine have access to view a customer’s account which is used to provide technical support. Sine staff access is most commonly provided as ‘Read Only’.
