Security & Technology
Ensuring your business is safe and secure is our priority.
Our customers put a lot of trust in us, and we take that very seriously. Our certifications and the standards we choose to meet are one way we demonstrate our commitment to maintaining trust.
CLOUD SECURITY
The AWS cloud infrastructure is housed in AWS’s data centres, designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation. The infrastructure is protected by extensive network and security monitoring systems, and is continuously scanned and tested.
AWS builds its data centres in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. AWS designs its data centres with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Further information about AWS infrastructure can be found at https://aws.amazon.com/security
COMPLIANCE
AWS systems and data centres adhere to the most stringent compliance programs, with certifications from accreditation bodies across geographies and verticals, including but not limited to:
- PCI DSS Level 1
- SOC 1 / ISAE 3402
- SOC 2
- SOC 3
- IRAP (Australia)
- ISO 9001:2008
- ISO 27001:2013
- ISO 27017:2015
- ISO 27018:2014
- MTCS Tier 3 Certification (Singapore)
- MLPS Level 3 (China)
Further information about AWS Compliance Certifications can be found at https://aws.amazon.com/compliance/
WEB AND MOBILE APPLICATION DEVELOPMENT
ROLLER is committed to designing, building, and maintaining secure systems for our clients.
- All applications are regularly scanned for common security vulnerabilities, including the OWASP Top Ten.
- Regular training on Secure Coding Practices is provided. All engineers must attend the training sessions.
- No credit card information is permitted to be stored on any mobile device.
- Use of encryption for both storage and transmission of sensitive information is regularly audited.
- All access to test and production environments is secured by multi-factor authentication (MFA) and is only available to our senior engineers who have security clearance.
ENCRYPTION
ROLLER uses strong encryption methods and key management procedures to ensure your sensitive information is protected.
- ROLLER’s website and APIs are accessible via a 256-bit SSL certificate issued by GeoTrust.
- Credit card information never passes through our servers (it goes directly to the payment gateway) and is therefore never stored by our servers.
INCIDENT RESPONSE
While we don’t anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.
- In the event of a breach of ROLLER’s platform, we have a detailed Incident Response plan in place.
- The response plan is tested periodically.
- ROLLER has 24×7 monitoring of its services and immediate alerts.
PCI DSS
Roller maintains continuous compliance with the PCI DSS in accordance with the requirements for service providers as defined by the PCI Security Standards Council.
It is the responsibility of all customers to protect the security of cardholder data and to maintain information on how a service provider possesses or otherwise stores, processes, or transmits cardholder data on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.
Roller conducts an annual review of its compliance using an independent Qualified Security Assessor (QSA).
Should you have any questions or would like a copy of Roller's AOC, please email our legal and compliance team at security@rollerdigital.com