LIFT Security Information
Overview of the Platform
LIFT's online database uses Caspio, an online database platform located on an Australian server of AWS (Amazon Web Services). AWS has built a reputation for providing some of the most secure and best-run data centers in the world. AWS is:
- SAS 70 Type II Certified
- ISO 27001 Security Certified
- Authorized by U.S. General Services Administration to operate at the FISMA Moderate level
- Able to support Payment Card Industry (PCI) compliant applications when AWS and Caspio-provided security controls are used in tandem
Network and Systems Layer
Our database's servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols, and ports are disabled and monitored. Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors. Our databases and backups can only be accessed through trusted and secure authentication.
AWS, which houses the database, utilises 'Deep Security as a Service', including intrusion detection and prevention, firewall, anti-malware, web reputation and integrity monitoring.
LIFT hosts its navigation components on Zettagrid servers located in Melbourne, Perth and Sydney. While no personal information is stored on these servers, Zettagrid's servers are rated Tier 3 secure servers with exceptional physical and administrative controls. Zettagrid is an Australian-owned company employing dedicated staff who are cleared with the Australian Federal Police and for Restricted and Protected Level Defence classification.
Access to LIFT's webpages is protected behind a firewall. LIFT uses award-winning DigiCert to deliver 256-bit secure encryption of information when it is transferred from your computer to our server.
Our database provider does not have direct access to the servers, except where necessary for system management, maintenance, monitoring, and backups, and then only under strictly limited access approval and monitoring by our LIFT development team. Only select, qualified, authorized personnel are allowed access to database servers, and only when that access is absolutely necessary. All account logins and activity are tracked for reference, if needed.
All LIFT employees are security cleared with the Australian Federal Police and hold the current police clearance for working with children required by the relevant local authority. All support and activity is monitored. No employees can see or access another person's password, so all activity is transparently monitored.
The LIFT system supports multi-level security for services and control of who has access to information stored on LIFT, for example:
- Families to see only their own child's learning & assessment portfolio; plans which are shared only by other families enrolled in that room/group; and general information about the service, which could include policies, procedures, calendars, etc.; and
- Approved educators to access and contribute to all children's portfolios, plans and quality management documents within a single service.
Each user has their own unique username & password.
Early Childhood Service Administrators can grant, modify or remove access to any person at any time.
At this stage there is no mandatory requirement to change passwords, although the LIFT team recommends users regularly reset their passwords.
LIFT keeps basic access log information indefinitely, so this information can be retrieved if required at a later date.
The platform offers an extensive list of features to help you protect and secure your account, data, and applications:
Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others, and change them often.
Data Encryption - When you log into your account, your session is secured with 128-bit or higher encryption (this is in addition to the 256-bit DigiCert encryption offered on our hosted pages).
TRUSTe EU Safe Harbor Certified
Our database is housed on Caspio, which adheres to strict data privacy standards. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.
TRUSTe is an independent organization devoted to building users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament to our commitment to your privacy.