Security
Feel confident your data and system are secure and protected
Membes is committed to the security of the system itself, as well as the data it is entrusted to store.
Membes takes data security and privacy very seriously. While we don’t like to expose too much information about the infrastructure and processes that secure Membes (as this information can empower the very people we are trying to protect the system from), below is a high-level overview of how we secure the system and the data it stores.
Data Centre
- Membes stores information and data critical to the ongoing operations of its customers. As such, Membes has multiple points of redundancy built into its physical infrastructure to ensure minimal outage and maximum recovery even from a catastrophic event taking out entire data centres.
- The Membes applications and databases are hosted by leaders in technology infrastructure (Amazon Web Services) providing the highest levels of security and monitoring of data centres and infrastructure.
- DDoS mitigation and real-time security threat monitoring and detection are in place at all of our data centres.
- Membes has a documented "in case of nuclear attack on a data centre" application continuity plan.
Application and Database
- The Membes application and databases are housed within a secured VPC (Virtual Private Cloud) and can only be accessed by authorised individuals through a VPN (Virtual Private Network).
- The Membes Application is secured by an industry-leading WAF (Web Application Firewall).
- The Membes database is secured within the VPC, is locked down so that it can be accessed from approved access points only and is secured behind three firewalls.
- Membes development and maintenance adopts all industry best practices and standards in web application security, including but not limited to OWASP (owasp.org).
- All data is backed up via a "Point-in-time recovery" backup regime. Backups never leave Australia nor the Membes secured VPC.
- All traffic to and from the Membes system, and within the Membes system itself, is encrypted.
- All sensitive information stored within the Membes system is encrypted or hashed at rest.
Processes and Protocols
- Only a very limited number of authorised Membes employees can access production systems.
- Any access to production systems is carried out under stringent protocols and processes.
- Third-party contractors or suppliers cannot access production systems under any circumstances.
- All Membes developers and engineers are residents of Australia and are located in Australia at all times while accessing production systems.
Membes security is continually tested, benchmarked and monitored against the following industry standards:
- The Open Web Application Security Project (OWASP)
- CWE/SANS Top 25 Most Dangerous Software Errors
- The Open-Source Security Testing Methodology Manual (OSSTMM)
- SANS
- ISO 2700x
- National Institute of Standards and Technology Special Publication 800-115 (NIST 800-115)
What you can do to protect your data
Cloud-based software that is properly secured and follows current-day best practices is very secure. So much so that it is almost impossible for someone with malicious intent to hack into a system through the Application or through an infrastructure or application vulnerability. In recent times, an overwhelming majority of data breaches are carried out through the practice of "Social Hacking".
There are a number of things you can do in your organisation to mitigate risks of a data breach.
- Each employee should have their own login to the system, and you should cancel or suspend all employee logins if they are no longer employed or on leave.
- Employees should not share their password with others, even other employees.
- Employees should update their password on a regular basis. (Membes forces periodic Administrator password updates.)
- Restrict the ability to download (extract or export) sensitive data to only those who need it. In fact, good practice is to give only one employee the ability to export data from the system. Any other employees needing extracted data must go through this person and provide a reason for obtaining the exported data.
- Exported data should only be saved to secured computers.
- Where exported data is no longer needed it should be deleted.
- Never send exported data as an email attachment. Always use a secure file delivery service for this.
- Ensure a data privacy policy is received from any third-party service providers that you need to provide exported data to (such as an events co-ordinator, trainers, etc.).
- Do not open attachments on emails if you do not know or trust the source of the email.
- Do not install unauthorised software on any computers that are used to log in to the Membes system.
- Ensure anti-virus software is installed and kept up to date on any computers that are used to log in to the Membes system.