Compliance & Data Security

Our Commitment to Compliance and Data Security

At Detective Desk, we take compliance seriously. That's why we are committed to adhering to all relevant state and federal legislation, industry codes of conduct, and industry best practices, including the Privacy Act and Australian Privacy Principles.

To ensure that we maintain these high standards, we have implemented strict policies and procedures for collecting, holding, maintaining, using, and disclosing personal information. We are devoted to protecting the privacy of our clients and to handling their information with the utmost care and respect.

In 2021, Detective Desk made a commitment to upholding the highest standards in information security management by embarking on a journey to become ISO 27001 certified. This internationally recognised standard provides a framework for minimising threats to a company's information and communication technology assets, and we knew that achieving this certification would demonstrate our dedication to ensuring the security and integrity of our business.

We are proud to announce that we have successfully met the requirements for ISO 27001:2013 and were issued with our digital certificate in mid-2022. But our work doesn't stop there. As ISO 27001 is an ongoing process, we are committed to continuous improvement and maintaining our internal audits and documentation, as well as undergoing the mandatory annual external audits. This includes a triennial recertification process to ensure that we are always meeting the highest standards.

We believe that this certification will give our clients even more confidence in our commitment to information security best practices and meeting their expectations. At Detective Desk, we are dedicated to providing the highest level of service and support, and we are proud to have achieved this important milestone.

ISO 27001 Data Security Certification

Detective Desk is certified to the ISO 27001:2013 standard (Information Security Management Systems) for the provision of delivering Software as a Service to Australian businesses for the purposes of skiptracing and investigations on individuals and companies.

Through this certification we provide our clients the confidence of dealing with a compliant, reputable and professional company with a system of internal controls that regularly undergo comprehensive independent auditing processes.

Our ISO certification offers the following advantages:

  • Continuous monitoring and evaluation of our hardware and software security
  • A comprehensive compliance framework that covers legal and regulatory requirements
  • A proactive approach to risk management, cyber-resilience and operational excellence
  • A secure and strong operational foundation for providing our services, adhering to global standards and international best practices

Data Sovereignty & Security

At Detective Desk, we place a high priority on data sovereignty. That's why we have chosen to house our privately owned servers in two Equinix data centres in Sydney - SY3 as our primary location and SY4 for disaster recovery and backup.

We do not use any cloud service providers and instead rely on our own hardware, which is fully owned and controlled by Detective Desk. This allows us to maintain complete control over our data and ensure that it is always protected and secure.

All of our data resides in internal data storage servers located in Australia and is not routed overseas. We utilise best practice security configurations including:

  • Externally audited APP compliance
  • Access controls, user access monitoring
  • Multi-factor authentication
  • Encrypted communications
  • Zero trust network authentication
  • Support staff have no access to customer data

Our Australian Server Facilities

Power and Cooling

  • Power and Cooling Density: 3.0 – 5.0 kVA per cabinet
  • Utility Feeders: 2 UPS Configuration Block Redundant
  • UPS Redundancy: N+1
  • Standby Power Configuration: 10 x 2,250 kVA diesel generators
  • Standby Power Redundancy: N+1
  • Cooling Configuration: CRAC units and water-cooled centrifugal chillers
  • Cooling Redundancy: N+1 (on chillers) and N+25% (on CRAC units)

Physical Security

  • Perimeter fence and gate, mantrap
  • 24/7 on-site security officers
  • Electronic Biometric readers in common areas, additional biometric readers to private servers
  • Speedstiles with biometric 2-factor authentication, CCTV surveillance with 30-day retention, motion detection
  • Private Server Cage, and Secure Cabinet storage
  • Fire Detection: VESDA, smoke and heat detectors
  • Fire Suppression: Double-interlocked pre-action sprinklers (dry pipe)

Reliability

Our IBX data centres boast an industry-leading, high average uptime track record of > 99.99% globally.

Certifications

  • ISO 27001
  • PCI DSS
  • ISO 22301
  • SOC 1 Type II
  • ISO 14001
  • SOC 2 Type II

This site is DTA Certified and it is designated as Certified Strategic.

How We Help Keep You Secure

Many people believe that a strong password is the only thing standing between their sensitive data and a malicious hacker. However, the reality is that even the best passwords are vulnerable to being stolen or hacked.

In fact, according to the latest Verizon Data Breach Investigations Report, 81% of hacking-related breaches involve stolen or weak passwords.

At Detective Desk, we strongly encourage our clients to take all necessary steps to ensure that they meet the expected standards of data compliance and protection. One effective way to do this is by implementing time-based one-time passcodes, which require the use of an application like Google Authenticator on a device.

This added layer of security is tied to the device and provides a higher level of protection for sensitive data. We have supported the use of one-time passcodes for many years and believe that they are an important tool for safeguarding against unauthorised access.

2018

In 2018 we introduced IP Access Control List as a way for organisations to secure their subscription access and ensure that no one can access their account without being on-site or having their remote IP whitelisted (for WFH). This feature allows our clients to have greater control over who can access their account and helps to prevent unauthorised access.

2019

In 2019 we implemented U2F Security for all of our resources when we migrated to the use of USB security keys (Yubico) that follow the U2F protocol. This added layer of protection helps to prevent unauthorised access to a network, even if a data thief has a valid username and password.

By using U2F Security and USB security keys, we can further enhance the security of our resources and protect our clients' sensitive data from potential threats.

Any software downloaded on a computer or phone is vulnerable to malware and hackers. The YubiKey is based on hardware with the authentication secret stored on a separate secure chip built into the YubiKey.

We also upgraded our network infrastructure by increasing the capacity of the connection between our data centres to 100Gbit.

2020

In 2020 we made significant upgrades to Detective Desk to meet the security requirements of all major browsers by upgrading to TLS 1.3 encryption and dropping support for TLS 1.0 and 1.1. TLS 1.3 is a newer encryption protocol that offers several improvements over earlier versions, including a faster TLS handshake that reduces HTTPS overhead and simpler, more secure cipher suites. These upgrades help to ensure that our clients' data is protected by the most advanced and secure encryption protocols available.

2021

In 2021 we engaged the services of SecurityFootprint to perform penetration testing on our system. This is an essential step in ensuring that our system is as secure as possible and is an important part of our regular security review process.

By enlisting the help of a third-party security expert, we are able to conduct a thorough and comprehensive security check to identify any potential vulnerabilities and take steps to address them. This third-party security check allows us to maintain a mature security environment.

2022

In 2022 we enhanced our existing security framework with Cloudflare to add an additional layer of protection against potential DDoS attacks and safeguard our data. This move was designed to ensure that our system is as secure as possible and to provide our clients with the peace of mind that their data is being protected at all times.

We are proud to have successfully met the requirements for ISO 27001:2013 and were issued with our digital certificate in mid-2022. We believe that it is important to stay ahead of the curve when it comes to security and are always looking for ways to improve and strengthen our defences.

In order to maintain the highest levels of security for our clients, we recently upgraded Detective Desk's client security to implement WebAuthn, which replaced the U2F protocol that is no longer supported on Google Chrome. We are committed to staying at the forefront of security technology and will continue to make updates and upgrades as needed to keep our data safe and secure.

WebAuthn allows users to be registered to a personal device, for example their mobile phone or laptop, and use biometric identification to access Detective Desk. If your organisation still uses the standard username and password to access our tools or any other resources we encourage you to consider implementing WebAuthn.

Upon request, WebAuthn is available to all Detective Desk customers. If your organisation is considering using WebAuthn, in any of its flavours, we strongly recommend consulting your IT Department to discuss the implementation.
