HowToo is proud to be ISO/IEC 27001 certified as a commitment to our clients, vendors and partners.
ISO 27001 is an international standard for the best practice implementation of an Information Security Management System (ISMS).
As one of the most complete security guidelines in existence, ISO 27001 ensures that certified organisations can be trusted for their management of top-tier information security systems and data privacy. Because HowToo is an ISO 27001-certified business, you can have confidence that we have prioritised information security and the handling of sensitive data across all our practices.
Even better, HowToo is voluntarily audited by AQCS Consulting at 6-monthly intervals to verify our effectiveness and compliance with this exceptionally high standard.
HowToo’s applications and your data are securely stored on locally-based servers provided by Amazon Web Services (AWS). AWS is the industry leader for providing secure, cloud-based computing.
With more security standards and compliance certifications than any other offering, AWS maintains the highest quality of physical, environmental, access and business continuity controls.
We employ AWS’s Australian data centers in the Sydney region so that your organisation can easily satisfy internal requirements.
Customer data is stored and processed on segregated databases with individual authentication.
The HowToo team follows strict on-site security measures to protect our office-based assets, including key card access, locks, visitor authorisation, security feeds and best-practice processes.
HowToo’s comprehensive, ISO 27001-accredited access control policy ensures that your data is rarely accessed. Strict, role-based user access is employed and managed via the AWS IAM Manager. Access logs are retained for 12 months and regularly audited. Access is conducted directly via trusted IPs.
HowToo is dedicated to the privacy of our customers’ data, and all business is conducted with adherence to the Australian Privacy Act (1988) and privacy principles.
HowToo exhaustively tests all software for security vulnerabilities prior to each new release, in compliance with our ISO 27001 certification. Patch management is conducted weekly, as is vulnerability testing by external agency Qualys. Penetration testing is conducted regularly.
HowToo follows a formally implemented and documented Change Management Process at all times. Production/Service data is never used during product development, with strictly segregated development and staging environments employed. All updates are thoroughly reviewed by our team and our Quality Analyst using Jenkins CI/CD prior to release.