LIFT Security

Overview of the Platform

LIFT's online database uses Caspio, an online database which is located on an Australian Server of AWS (Amazon's Web Service).  AWS has built a reputation for providing some of the most secure and best run data centers in the world. AWS is:

Network and Systems Layer

Our database's servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols, and ports are disabled and monitored. Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors. Our databases and backups can only be accessed through trusted and secure authentication.

AWS which houses the database utilise 'Deep Security as a Service' including intrusion detection and prevention, firewall, anti-malware, web reputation and integrity monitoring.

LIFT host its navigation components on Zettagrid servers located in Melbourne, Perth and Sydney. While, no personal information is stored on these servers, Zettagrid is rated a Tier 3 secure servers with exceptional physical and administrative controls. Zettagrid is an Australian owned company employing dedicated staff who are cleared with the Australian Federal Police and for Restricted and Protected Level Defence classification.  

Access to LIFT's webpages is protected behind a firewall.  LIFT use award winning Digicert to deliver a 256 bit secure encryption of the information when it is transferred from your computer to our server.

Human Layer

All data maintained in your LIFT is owned & managed by the early childhood service.  LIFT provides your service with detailed guidance on how to create and manage a comprehensive privacy policy. 

Our database provider does not have direct access to the servers, except where necessary for system management, maintenance, monitoring, and backups and only strictly under limited access approval and monitoring by our LIFT development team. Only select, qualified authorized personnel are allowed access to database servers, and only when that access is absolutely necessary.  All account logins and activity are tracked for reference, if needed.

All LIFT employees are security cleared with the Australian Federal Police and hold a current relevant local authority's required police clearance for working with children. All support and activity is monitored. No employees can see or access another person's password, so all activity is transparently monitored.

The LIFT system supports services multi level security and control of who has access to information stored on LIFT, for example: 

- Families to see only their own child's learning & assessment portfolio, plans which are shared only by other families enrolled in that room/group & general information about the service which could include policies, procedures, calendars etc.; and

- Approved educators to access and contribute to all children's portfolios, plans and quality management documents within a single service.  Each user has their own unique username & password.

Early Childhood Service Administrators can grant, modify or remove access to any person at any time. 

At this stage there is no mandatory requirement to change passwords, although the LIFT team recommends users regularly reset their passwords.

LIFT keeps basic access log information indefinitely, so this information can be retrieved if required at a date.  

Application Layer

The platform offers an extensive list of features to help you protect and secure your account, data, and applications:

Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others, and change them often. 

Data Encryption - When you log into your account, your session is secured with 128 bit or higher encryption (this is in addition to 256 Digicert encryption offered on our hosted pages). 

 

TRUSTe EU Safe Harbor Certified

Our database is housed on Caspio which adheres to strict data privacy standards. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.

TRUSTe is an independent organization devoted to build users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament of our commitment to your privacy.