Security
At Zeta we understand that the confidentiality, integrity, and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems and processes to meet the growing demands and challenges of security.
Secure Data Centres
Our dedicated servers are at top-tier data centres. These facilities provide carrier-level support to a SAS70 level of compliance, which includes:
Access Control and Physical Security
• 24-hour manned security ensures that only authorised personnel enter the data centre building
• The use of biometric hand scanners restricts access to the data centre
• A pass card system is employed for moving from room to room within the data centre
• There is video surveillance throughout the facility and perimeter
Environmental Controls
• Redundant (N+1) Heating, Ventilation and Air Conditioning (HVAC) systems are in place to maintain a consistent temperature and humidity
• Environmental hazard detection sensors, including smoke detectors and floor water detectors, are implemented in the building
Fire Detection and Suppression
• A thorough fire detection and suppression system (Hi-Fog Nitrogen) and fire extinguishers are stationed in the building
Power
• There is an underground utility power feed with battery backup
• The redundant (N+1) UPS (Uninterruptible Power Supply) systems are designed to run in the unlikely event of a short power outage
• The redundant (N+1) diesel generators have on-site diesel fuel storage and full-load capability which allow for long-term power outages
Network Protection
Zeta provides a fully resilient and redundant network infrastructure. The entire switched network employs Cisco-based switches running HSRP (N+1 hot failover) to ensure that data can be routed even in the event of device or link failure. Internet connectivity is provided via multiple links to Tier 1 bandwidth providers which, coupled with our Cisco-powered infrastructure, enables our provider to give us 100% network availability.
• Hardware and software firewalls are implemented to block unused protocols
• Intrusion detection sensors are in place throughout the internal network and report events to a security event management system for logging, alerts, and reports
Secure Transmission and Sessions
• Connection to the Zeta environment is encrypted via SSL 3.0 / TLS 1.0 (Public Key: RSA 2048-bit encryption), ensuring that our users have a secure connection from their browsers to our service
• Each mobile device with ZetaMobile® requires a unique number. Furthermore, the user must log in using their own client ID so that data can only be synchronised between authorised mobile devices and their paired database.
• Our clients’ data is stored in separate databases, so there is no possibility for data sharing
• Each user must log in to ZetaSafe® using two methods of authentication: the client identifier, and a user identifier and password, ensuring that the user has connected to the right database and has the authority to access it. In addition, the user may only select those sites within the client data to which they have been granted access.
Data Security
• All servers within the Zeta environment have an industry standard anti-virus and malware solution which is centrally monitored to ensure a high level of security compliance.
Disaster Recovery
• Our disaster recovery process includes real-time replication to disk utilising a RAID configuration
• Our system boasts near-real-time host-based replication of application and database servers
• Our disaster recovery tests verify our projected recovery times and the integrity of the customer data
Backups
• A full data backup is captured daily and securely transmitted to an off-site protected location for a set archiving period
• Off-site backups are securely destroyed when retired
Internal and Third-Party Testing and Assessments
Zeta tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly, which include:
• Application vulnerability threat assessments
• Network vulnerability threat assessments
• Selected penetration testing and code review
• Security control framework review and testing
Security Monitoring
Our Information Security department monitors notifications from various sources and alerts from internal systems to identify and manage threats.








