Compliance


Hosting

Microsoft Azure

Dekko is hosted entirely on Microsoft Azure, with the option of using our Australian or European instance, and inherits Azure's storage certifications, notably:

  • ISO 22301, 27001, 27017, 27018
  • HIPAA/HITECH
  • DoD
  • NIST
  • SOX
  • UK G-Cloud
  • Australia APRA
  • GDPR

Other options

Dekko is highly flexible and can be configured to put your data wherever you need it: full cloud, on-premise, or hybrid. Please contact us with your requirements and we'll work with you to deliver a solution that is both secure and tailored to your data requirements.

Certification

Dekko is independently certified by Enex Carbon. Our claims test report can be downloaded here.

Audit trail

Dekko's security design balances secrecy and traceability. The audit trail records who originated a message, who it was sent to, and who read it, without revealing the contents of the message itself. Each message trail is uniquely identified, and filtering makes finding the needle in the haystack easy.


Notifiable Data Breaches scheme

Commencing 22 February 2018, the Notifiable Data Breaches (NDB) scheme is an amendment to the Privacy Act 1988 that legally compels medium and large organisations handling Australian citizens' data to notify the Privacy Commissioner and affected customers if they have experienced a data breach.

Key points included in the NDB scheme amendment:

Who is covered by the NDB scheme? – Federal Government agencies, and private sector and not-for-profit organisations with an annual turnover in excess of $3 million, as well as small businesses under $3 million that handle personal information.

Notification triggers – unauthorised access to, disclosure of, or loss of customer information held by an entity, where this creates a real risk of serious harm to the individuals involved. This covers cases where devices containing customers' personal information are lost or stolen, a database containing personal information is hacked, or personal information is mistakenly provided to the wrong person.

Data types – examples of information types that may increase the risk of serious harm if breached include: 'sensitive information', such as information about an individual's health; documents commonly used for identity fraud (including Medicare card, driver's licence, and passport details); financial information; and a combination of items of personal information (rather than a single piece of personal information).

Significant fines for noncompliance – up to $360,000 for individuals and $1.8 million for organisations.

More information:
https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme


General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) is a new directive designed to protect EU citizens from privacy and data breaches, greatly improving on the current regulations established in 1995. The GDPR will be enforced from May 2018.

Relevant key changes introduced under the GDPR:

Privacy by design – it is a legal requirement that systems are designed with data protection and privacy included from the outset. This means that companies holding citizen data are legally responsible for the protection of that data, and appropriate technical measures must be taken to protect it.

Right to access – citizens have the right to know whether data belonging to them is being processed, what that data contains, and where and for what purpose it is processed.

Right to be forgotten – companies holding citizen data must erase all data associated with that citizen should they request it.

Breach notification – a company holding citizen data must notify its customers without undue delay after becoming aware of a data breach.

Increased territorial scope – the GDPR applies to all companies holding data of citizens residing in the European Union, regardless of where the company itself is located.

More information:
https://www.eugdpr.org/