- All environments are hosted on self-contained Amazon EC2 platforms.
- File storage is secured on Amazon S3 servers, which follow the above access / permission structure. Files are stored read-only and key-protected, accessible only via the Xtend system.
- All backups + repositories are stored in a GitHub Private environment. Administration of and permissions to these backups are controlled exclusively by Codengine.
- Details on GitHub private security are here: https://help.github.com/articles/github-security/
CMS + User Data:
- The system is built on the October CMS structure + permissions recommendations.
- External users are allowed no access to directories beyond index.php.
- User data encryption + management follows Laravel Auth protocols. All passwords and private user information are encrypted on the server and cannot be accessed by users, including administration. They can only be overwritten and updated by following the encrypted reset flow.
Payment + Transactions:
- All payment details and records are stored via Westpac Payway. No secure information or access is available in the Xtend database.
- Card + customer details are transferred between Xtend and Payway using the Westpac ‘Payway Trusted Frame’ .js implementation to ensure client-side security.
- All payment information is transferred over HTTPS SSL-encrypted pages.
- Accounting and finance information is stored on Xero, and its transfer complies with Xero guidelines.