Security at RedShield
RedShield was formed to actively protect web applications from known attacks. Its founders have an extensive history in information security and have built a company that is designed, and operationally proven, to deliver a secure service.
RedShield strives to ensure that any data we process on your behalf is securely maintained whilst in our care. The white paper ‘RedShield’s Approach to Information Security’ outlines how RedShield achieves this.
Compliance Certifications and Regulations
– Payment Card Industry Data Security Standard (PCI DSS)
– ISO 27001:2013 Information Security Management System
– CSA Cloud Security Alliance STAR Level 1
– NZ TaaS Certification (NZ Government Agencies only)
– EU-US Privacy Shield and Swiss-US Privacy Shield
– EU General Data Protection Regulation (GDPR)
– U.S. Health Insurance Portability and Accountability Act (HIPAA)
– California Consumer Privacy Act (CCPA)
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
RedShield has a programme of work that will see all of our data centres certified to the PCI DSS standard. As of January 2020, our core operations and the services operating from the following data centres are certified as compliant with the requirements of PCI DSS v3.2.1, as applicable to a Level 1 Service Provider:
• Auckland, New Zealand
• Sydney, Australia
• Melbourne, Australia
To request the RedShield PCI DSS attestation of compliance (AOC) please contact RedShield support.
ISO 27001:2013 is an internationally recognised standard that specifies security management best practices and a comprehensive set of security controls, together with guidance on applying them.
The basis of the certification is the development, implementation, and management of an overarching security programme, centred on an Information Security Management System (ISMS).
The operation and maintenance of the systems, assets, and processes used to deliver RedShield’s services have been certified as compliant with ISO 27001:2013 by our independent auditors. The certificate is available upon request from RedShield support.
To comply with European Union and Swiss data protection laws, RedShield is self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield. These frameworks were developed to enable companies to meet data protection requirements for the collection, use, and retention of personal information transferred from the European Union, the United Kingdom, and Switzerland to the United States in reliance on Privacy Shield.
For more information, including the types of Information covered, see RedShield’s Privacy Shield Notice. To learn more about the Privacy Shield Program, please see http://www.privacyshield.gov/welcome.
The EU General Data Protection Regulation (GDPR), which took effect on May 25, 2018, created several obligations for data processors such as RedShield.
We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR, and to help our customers maintain compliance as well.
To learn more about RedShield’s approach to GDPR, please read our Approach to GDPR Compliance.
The HIPAA Rules apply to covered entities (health care providers, health plans, and health care clearinghouses) and to their business associates. Organisations and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information.
If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate. That contract establishes specifically what the business associate has been engaged to do and requires it to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.
A growing number of health care providers use the RedShield service to protect their web-facing systems, which means RedShield is involved in the processing and transmission of protected health information (PHI). RedShield enables covered entities subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) to use the service to process PHI.
For detailed information about how we validate the efficacy of our service to support the processing of health information please read the additional information on our approach to HIPAA Security and Compliance.
RedShield’s response to the California Consumer Privacy Act (CCPA) is published separately; read RedShield’s response to CCPA here.
The RedShield Privacy and Security Policy details our general policy and practices for the types of information that RedShield gathers, how we use that information, and the options our users have regarding our use of, and their ability to correct, such information.
Security questions or issues?
If you believe you have found a security vulnerability within the RedShield web domain, please let us know. We investigate all reports and do our best to fix valid issues quickly.
Please submit your report directly to our security team at firstname.lastname@example.org; they will respond as soon as possible.
For any other security questions or issues, please email email@example.com