This document describes the aTech Media security procedures used at Codebase.

Physical Security

  • 2-factor authentication and biometric security for all physical data centre access
  • CCTV covering all access to the floor with 24-hour video recording
  • Fully alarmed floor covering entrances and emergency exits
  • Very early smoke detection apparatus (VESDA) installed
  • FM200 fire suppression system
  • Under floor leak detection

Server and Data Access

  • Direct access to servers and data is limited to core system administrators and protected by 2-factor authentication
  • Customer repository data is stored in a compressed format and is never accessed or extracted without express permission of the customer
  • Support staff logins have no access to clone repositories and must explicitly be granted access to a customer account
  • Any data accessed by support staff remains within our secure network and uncompressed data is removed when no longer required

Network and Software Security

  • All production, development and office networks are protected by Juniper SRX firewalls with regularly reviewed and change-controlled configuration
  • Our system administration team ensure that servers are kept up-to-date with all appropriate security patches
  • All internally developed software is audited for security before deployment including tests for cross-site scripting and code injection
  • All passwords are stored in a securely hashed format and are automatically removed from any logs saved to disk

Credit Card Security

  • We never process or store credit card details on our own network
  • All data and transactions are passed directly through a secure connection to our payment processing company who maintain all data on their PCI-compliant systems

Backups and Redundancy

  • All data is stored on redundant disk arrays to minimize the possibility of data unavailability
  • Data is encrypted before being backed up every 3 hours to a secure server at a separate location