At Roller we consider data integrity and security to be of utmost importance, which is why we've chosen our hosting partners at Ninefold to support us.
Ninefold has three high-performance, scalable availability zones: two located in Sydney, Australia, and a US East zone located in San Jose, California.
• Highest possible security certifications: ISO 27001 (Information Security Management System), ASIO T4 Intruder Resistant, Defence Signals Directorate (DSD) Gateway certification and Payment Card Industry Data Security Standard (PCI DSS) certification.
• Uptime Institute Tier III Design certified.
• Full N+1 redundancy, including power supply and networks, reflecting our commitment to high availability as well as security.
• Enterprise-grade hardware: suppliers include Juniper, Hewlett-Packard and F5.
• Multiple physical security measures protecting access, including mantraps, access cards, biometric scanning and round-the-clock interior and exterior surveillance monitors.
• CCTV, including motion-detection and fixed cameras, with digital recording and archiving.
• Background security checks for data center staff. Access to the data center is limited to those with legitimate business needs.
• Ninefold's Juniper equipment is FIPS (Federal Information Processing Standard) certified, with the switches also meeting Common Criteria Evaluation Assurance Level 3 (EAL3).
• Ninefold uses F5 Local Traffic Managers (LTM) to provide resilience and redundancy for the Cloud Platform services within each zone.
• The physical equipment is kept up to date with the latest patches and hot-fixes to ensure protection against the latest security issues and bugs.
• All networking equipment is located in secure data centers, all of which have strict security processes. Remote access to networking equipment is only available from within the Ninefold management network and is limited to specific employees.
Roller is committed to designing, building, and maintaining secure systems.
• All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.
• Regular training on secure coding practices is provided. All engineers must attend the training sessions.
• No credit card information is permitted to be stored on any mobile device.
• Use of encryption for both storage and transmission of sensitive information is regularly audited.
Roller uses strong encryption methods and key management procedures to ensure your sensitive information is protected.
• Roller's website and APIs are accessible via a 256-bit SSL certificate issued by GeoTrust.
• Credit card information never passes through our servers (it goes directly to the payment gateway) and is therefore never stored on our servers.
While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.
• In the event of a breach of Roller's platform, we have a detailed Incident Response plan in place.
• Periodic testing of the response plan.
• Roller has 24x7 monitoring of its services and immediate alerts.