At Roller we consider data integrity and security to be of utmost importance, hence why we've chosen to host our platform with Amazon Web Services (AWS), one of the most secure cloud computing environments available today.
The AWS cloud infrastructure is housed in AWS’s data centres, designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation. The infrastructure is protected by extensive network and security monitoring systems, and is continuously scanned and tested.
AWS builds its data centres in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. AWS designs its data centres with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Further information about AWS infrastructure can be found here (https://aws.amazon.com/security)
AWS systems and data centres adhere to the most stringent compliance programs, with certifications from accreditation bodies across geographies and verticals, including but not limited to;
- PCI DSS Level 1
- SOC 1/ ISAE 3402
- SOC 2
- SOC 3
- IRAP (Australia)
- ISO 9001:2008
- ISO 27001:2013
- ISO 27017:2015
- ISO 27018:2014
- MTCS Tier 3 Certification (Singapore)
- MLPS Level 3 (China)
Further information about AWS Compliance Certifications can be found here (https://aws.amazon.com/compliance/)
WEB AND MOBILE APPLICATION DEVELOPMENT
Roller is committed to designing, building, and maintaining secure systems for our clients.
• All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.
• Regular training on Secure Coding Practices is provided. All engineers must attend training session.
• No credit card information is permitted to be stored on any mobile device.
• Use of encryption for both storage and transmission of sensitive information is regularly audited.
• All access to test and production environments are secured by multi factor authentication (MFA) and only available to our senior engineers who have security clearance.
Roller uses strong encryption methods and key management procedures to ensure your sensitive information is protected.
• Roller's website and APIs are accessible via a 256-bit SSL certificate issued by GeoTrust.
• Credit card information never passes through our servers (goes directly to payment gateway) and therefore is never stored by our servers.
While we don't anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.
• In the event of a breach of Roller's platform, we have a detailed Incident Response plan in place.
• Periodic testing of the response plan.
• Roller has 24x7 monitoring of its services and immediate alerts.