Codebase - Software Project Management

15 day trial

Security Policy

This document outlines our current security policies which outline how your data is treated and stored while on our systems.

This document describes the aTech Media security procedures used at Codebase.

Physical Security

  • 2-factor authentication and biometric security for all physical data centre access
  • CCTV covering all access to the floor with 24-hour video recording
  • Fully alarmed floor covering entrances and emergency exits
  • Very early smoke detection apparatus (VESDA) installed
  • FM200 fire suppression system
  • Under floor leak detection

Server and Data Access

  • Direct access to servers and data is limited to core system administrators and protected by 2-factor authentication
  • Customer repository data is stored in a compressed format and is never accessed or extracted without express permission of the customer
  • Support staff logins have no access to clone repositories and must explicitly be granted access to a customer account
  • Any data accessed by support staff remains within our secure network and uncompressed data is removed when no longer required

Network and Software Security

  • All production, development and office networks are protected by Juniper SRX firewalls with regularly reviewed and change-controlled configuration
  • Our system administration team ensure that servers are kept up-to-date with all appropriate security patches
  • All internally developed software is audited for security before deployment including tests for cross-site scripting and code injection
  • All passwords are stored in a securely hashed format and are automatically removed from any logs saved to disk

Credit Card Security

  • We never process or store credit card details on our own network
  • All data and transactions are passed directly through a secure connection to our payment processing company who maintain all data on their PCI-compliant systems

Backups and Redundancy

  • All data is stored on redundant disk arrays to minimize the possibility of data unavailability
  • Data is encrypted before being backed up every 3 hours to a secure server at a separate location