BundlePro Security Statement
1. BundlePro and your Data Security
This Security Policy governs the processing of data provided by a Subscriber in connection with their user license agreement (“Agreement”) or through the use of the BundlePro Services. By using the Software, our services, or our website, or by signing an Agreement with BundlePro, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Sites or App.
2. Keeping your firm safe
There is a lot of legitimate concern about cyber-security with many malicious actors seeking to extract money using nefarious online methods.
Whilst it might seem as if a server in your office with local PC’s is secure, if your inhouse network is connected to the Internet, it is incredibly vulnerable to attack, and Ransomware is typically placed on on-premise servers. Trojans often get placed on PC’s used for recreational purposes when we are least alert to danger.
BundlePro has a dedicated in-house Information Security team that is dedicated to maintaining the security of client data in BundlePro, BundlePro itself, and of course all our internal systems that support our business.
3. BundlePro Data on the BundlePro Servers
Being a cloud solution, the software and all client data is stored on BundlePro Servers, which are built on the AWS (Amazon Web Services) platform.
Amazon Web Services (AWS) is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is probably the largest and most successful cloud platform provider in the world.
AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security-sensitive organisations such as NASA, Atlassian and Dow Jones. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
BundlePro stores data in the jurisdiction of origin, in the UK that is in Dublin, Ireland, in Australia that is in Sydney and in the United States in North Virginia. BundlePro actively works to take advantage of AWS services, following Information Security best practices.
BundlePro also makes continuous backups, so your BundlePro data will be up to date to the time you last connected to the Internet.
We keep your BundlePro data safe by adhering to industry best practices.
AWS has an extensive and constant Cyber Security presence (its reputation depends on it) and BundlePro too has its own Information Security Team. We continually monitor our AWS environment, implementing updates and patches in line with best practices prescribed by AWS.
You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide (2018).
4. Cloud Infrastructure
BundlePro’s cloud infrastructure is maintained by the industry leading cloud platform provider, Amazon Web Services (AWS), in multiple unmarked facilities within the Sydney region.
The terms of agreement between BundlePro & AWS, are here: aws.amazon.com/agreement
AWS has achieved a substantial amount of certification and compliance in industry standards, which recognise best practices in Information Security.
For a full listing of AWS certification and compliance, visit aws.amazon.com/compliance
5. Security Controls
BundlePro utilises multiple layers of security controls (software, physical and process based) to protect our client data. This includes, but is not limited to:
Local & Network Firewalls
Web Application Firewalls
Intrusion Detection Systems (IDS)
Multivendor Anti-Virus
DDoS Throttling Services
Access Control Lists
Security Patch Management
Identity and Access Management
Centralised Log Management
Symmetric and Asymmetric Encryption systems
Two Factor Authentication
Separation of Duties
Vulnerability Assessment
Anomaly Detection
Externally commissioned penetration testing
Externally commissioned audits
Remote Monitoring & Alerting
BundlePro understands security is of foremost importance to law firms. These are some security measures you can implement, alongside systems BundlePro has developed to strengthen security for your law firm.
6. Data Encryption
Each BundlePro application is accessed via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet against eavesdropping, tampering, and message forgery.
Once client data reaches BundlePro’s cloud infrastructure, all information is then encrypted at rest, using AES-256, military grade encryption.
7. Employee Vetting
All BundlePro staff who have direct access to our cloud infrastructure must go through an extensive vetting process, which includes police background checks. This ensures only bona fide team members are selected to look after our core platform.
8. Service Availability
BundlePro has been designed to be a highly available, active-active solution. BundlePro services are split over multiple AWS datacentres within the Sydney region. In the event of one data centre going offline in a disaster scenario, the second data centre continues to serve data with minimal, if any, service interruption.
BundlePro’s service is designed to scale up as more clients use it at peak times, and then scale down at low times. This scaling allows BundlePro to mitigate external attacks trying to flood our system resources.
9. Data Ownership
The data contained in BundlePro remains the property of the licensed subscriber. If the subscriber ends their agreement with BundlePro, it is the responsibility of the subscriber to remove data from BundlePro’s servers before it is deleted.
10. Backup Policy
BundlePro servers are backed up multiple times daily, weekly and monthly.
11. System Monitoring
BundlePro is monitored 24hours a day, 7 days a week, 365 days a year.
12. Found a Vulnerability?
At BundlePro, we strive to have the most secure solution we can. If you believe you’ve found a security vulnerability in our platform, please let us know on info@BundlePro.com.au.
13. Report a Data Breach
If you believe BundlePro client information has become publicly available, outside of BundlePro, please contact us immediately on info@BundlePro.com.au for validation.
BundlePro has a duty of care of our client’s data. If a data breach occurs, we must notify affected clients immediately.
14. Questions?
This statement reflects the security policy of BundlePro and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within BundlePro. Any questions should be directed to info@BundlePro.com.au.
February 02, 2023
