1-Introduction

This security policy governs the processing of data provided by a subscriber in connection with their user license agreement (“Agreement”) or through the use of Metrix services. By using our services, our website, or by signing an Agreement with Metrix, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our sites or software.

2-Data Safety

Security is integrated into every aspect of Metrix “Software”. Metrix offers you unique security advantages derived from global security intelligence, sophisticated customer-facing controls, and secure hardened infrastructure. This powerful combination helps protect your applications and data, support your compliance efforts, and provides cost-effective security for organizations of all sizes.

This policy outlines the procedures and protocols we use to secure your information within Metrix “Software”.

All Metrix “Software” data is hosted on the Azure network. This includes unparalleled security intelligence and peace of mind that your network is hosted on one of the most secure networks in the world. Our team takes additional proactive measures to maintain a secure infrastructure.

We don’t publicize exactly what features, services, and data centers we use for security reasons, but we can give you a brief overview of how we make sure your data is safe.

3-Data Center Security

The Metrix data centre is held with Azure. Azure maintains an impressive list of reports, certifications, and independent assessments to ensure complete and ongoing state-of-the-art data centre security (companies such as; LinkedIn, Adobe, and LG all use Azure).

Azure has years of experience in designing, constructing, and operating large-scale data centres, which makes them the industry standard when it comes to security.

The exact physical location of the data centre that stores Metrix’s data is private.

Additionally, data centres are secured with a variety of physical controls to prevent unauthorized access.

4-Infrastructure Security

Metrix infrastructure is hosted in a fully redundant, secure VPN environment, with access restricted to operations support staff only. This way we can leverage complete firewall protection, private IP addresses, and other security features.

The whole system on which Metrix runs is behind a firewall and only the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.

5-Application Security

We use the same level of encryption as banks and financial institutions. All data is encrypted using SHA256withRSA algorithms, which scramble data in transit.

Your company-specific data inside Metrix “Software” is kept separate through a logical separation at the data tier, based on application-level access permissions and roles you set up in your “Software”.

All Metrix “Software” is encrypted at rest. At-rest encryption means that all our databases, files, and other storages of content have their files encrypted when they’re backed up or otherwise sitting idle. If someone was somehow able to get ahold of a backup of the database, it’d be useless, because they wouldn’t have the key to decrypt it.

6-Operational Security

Our system is constantly monitored. We get reports in real-time so we can instantly react in case a potential issue arises. All actions taken on production consoles are logged.

We constantly monitor security, performance, and availability 24/7/365. We run automated security testing on an ongoing basis. We prioritize, resolve, and deploy discovered security issues quickly after discovery. Because we follow Continuous Delivery and Deployment best practices, we can update Cloud Metrix on a daily basis and fix things as soon as we see them.

7-ISO/IEC 27001:2013

The most rigorous global security standard is Information Security Management Systems (ISMS).

8-Email / Document Sharing

Email is a ubiquitous but high-risk communication method, vulnerable to infiltration and hacking. You should never send highly confidential, private or security-related information or documents by email.

9-Data Encryption

Each Metrix application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery. Once client data reaches Metrix, all information is encrypted at rest.

10-Service Availability

Metrix has been designed to be a highly available solution. Metrix services are split over multiple data centres within Australia. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption. Metrix is not responsible for any delays resulting from server availability.

11- System Monitoring

Metrix is monitored 24 hours a day, 7 days a week, 365 days a year.

12-Data Breach Notification

Metrix will notify the subscriber without undue delay and in writing on becoming aware of any Data Breach with respect to our client’s data. If a vulnerability is identified or data is available publicly outside of the Metrix software, please contact Metrix immediately via email.

13-Useful Resources

Metrix Security Policy is subject to change and can be accessed on our website.

• Privacy Policy
• Terms of Service