Privacy, Security & Compliance

Working with RedShield means working with a vetted, secure partner trusted by government agencies, financial institutions, and healthcare providers across the globe.

Certificates, Audits & Self-Assessments

ISO/IEC 27001:2013

This internationally acknowledged standard specifies security management best practices and comprehensive security controls, and defines best practice guidance.

The basis of the certification is development, implementation, and management of an overarching security program, which includes development and implementation of an Information Security Management System (ISMS).

The operation and maintenance of systems, assets, and processes utilized to deliver RedShield's services are certified as compliant to ISO/IEC 27001:2013.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

RedShield’s core operations and services operating from Auckland, Melbourne, and Sydney Data Centers are certified to PCI DSS v3.2.1, as applicable to a Level 1 Service Provider. We have a further program of work that will also see all other Data Centers certified to the same standard.

SOC 2 Type I

RedShield has undergone the AICPA SOC 2 Type I framework alignment audit to validate the efficacy of the Security, Availability, Processing Integrity, Confidentiality, and Privacy controls in place in accordance with the AICPA Trust Service Criteria. RedShield’s SOC 2 Type I report is available upon request.

  • RedShield's risk management program is compliant to the requirements of ISO/IEC 27001:2013, PCI-DSS, and NZISM and provides us with a rigorous framework of security controls
  • The operation and maintenance of systems, assets, and processes utilized to deliver RedShield's services are certified to ISO/IEC 27001:2013
  • RedShield's core operations and services are certified to PCI DSS v3.2.1

Compliance & Regulations

GDPR

The General Data Protection Regulation (GDPR), which took effect on May 25, 2018, has created several obligations for Data Processors like RedShield.

RedShield introduced tools and processes to help us comply with GDPR; these can help you in your compliance journey too.

CCPA

The California Consumer Privacy Act (CCPA), which took effect on January 1, 2020, introduced new privacy rights for consumers in California.

Whilst this new legislation has parallels with GDPR’s requirements, the scope, definitions, and requirements differ, and the CCPA introduces some additional considerations.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires health care providers and business associates to protect the privacy and security of protected health information (PHI).

RedShield enables organizations subject to HIPAA Rules to use the provided service to process protected health information.

Cloud Security Alliance (CSA) STAR Program Type 1

The CSA's Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.

RedShield has achieved STAR Level 1 status, having completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ).

New Zealand Information Security Manual (NZISM)

As part of RedShield's commitment to the NZ Government's Telecommunications as a Service (TaaS) framework, we have completed a full certification audit against the requirements of the New Zealand Information Security Manual (NZISM). 

EU-US Privacy Shield and Swiss-US Privacy Shield

To comply with EU and Swiss data protection laws, RedShield are self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield.

These frameworks were developed to enable companies to comply with data protection requirements regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland, to the United States in reliance on Privacy Shield.

Privacy and security policy

The RedShield Privacy and Security Policy details the general policy and practices for the types of information that RedShield gathers, how we use that information, and the options that our users have regarding our use of, and ability to correct, such information.

Modern Slavery Act

RedShield Security Limited recognizes that although slavery, servitude, forced labour and human trafficking (‘Modern Slavery’) is illegal, it remains a global issue.

We recognize that all businesses have a responsibility to discover and counter instances where modern slavery and human trafficking are taking place within their businesses and supply chains. This is a responsibility RedShield takes seriously, and we prohibit human trafficking and the use of involuntary labor in any aspect of our business.

Security questions or issues?

If you believe you have found a security vulnerability within the RedShield web domain, please let us know. We will investigate all reports and act quickly to fix valid issues.
