Privacy, Security & Compliance
Working with RedShield means working with a vetted, secure partner trusted by government agencies, financial institutions, and healthcare providers across the globe.
Certificates, Audits & Self-Assessments
This internationally acknowledged standard specifies security management best practices, comprehensive security controls, and defines best practice guidance.
The basis of the certification is development, implementation, and management of an overarching security program, which includes development and implementation of an Information Security Management System (ISMS).
The operation and maintenance of systems, assets, and processes utilized to deliver RedShield's services are certified as compliant to ISO/IEC 27001:2013.
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
RedShield’s core operations and services operating from Auckland, Melbourne, and Sydney Data Centers are certified to PCI DSS v3.2.1, as applicable to a Level 1 Service Provider. We have a further program of work that will also see all other Data Centers certified to the same standard.
SOC 2 Type I
RedShield has undergone the AICPA SOC 2 Type I framework alignment audit to validate the efficacy of the Security, Availability, Processing Integrity, Confidentiality, and Privacy controls in place in accordance with the AICPA Trust Service Criteria. RedShield’s SOC 2 Type I report is available upon request.
- RedShield's risk management program is compliant to the requirements of ISO/IEC 27001:2013, PCI-DSS, and NZISM and provides us with a rigorous framework of security controls
- The operation and maintenance of systems, assets, and processes utilized to deliver RedShield's services are certified to ISO/IEC 27001:2013
- RedShield's core operations and services certified to PCI DSS v3.2.1
Compliance & Regulations
Cloud Security Alliance (CSA) STAR Program Type 1
The CSA's Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.
RedShield has achieved STAR Level 1 status having completed the CSA Consensus Assessments Initiative Questionnaire (CAIQ). View STAR Registry Listing.
New Zealand Information Security Manual (NZISM)
As part of RedShield's commitment to the NZ Government's Telecommunications as a Service (TaaS) framework, we have completed a full certification audit against the requirements of the New Zealand Information Security Manual (NZISM).
EU-US Privacy Shield and Swiss-US Privacy Shield
To comply with EU and Swiss data protection laws, RedShield are self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield. View Privacy Shield Notice.
These frameworks were developed to enable companies to comply with data protection requirements regarding the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland, to the United States in reliance on Privacy Shield.
Privacy and security policy
The RedShield Privacy and Security Policy details the general policy and practices for the types of information that RedShield gathers, how we use that information, and the options that our users have regarding our use of, and ability to correct, such information.
Modern Slavery Act
RedShield Security Limited recognize that although slavery, servitude, forced labour and human trafficking (‘Modern Slavery’) is illegal it remains a global issue.
We recognize that all businesses have a responsibility to discover and counter instances where modern slavery and human trafficking is taking place within their businesses and supply chains. This is a responsibility RedShield takes seriously and we prohibit human trafficking and the use of involuntary labor in any aspect of our business. Read our statement on the Modern Slavery Act.
Security questions or issues?
If you believe you have found a security vulnerability within the RedShield web domain, please let us know. We will investigate all reports and act quickly to fix valid issues.