Tracing.co.nz Help & Support

The data is stored securely on an encrypted database hosted on Amazon Web Services in Sydney. All stored data is encrypted at rest by default. We chose to store the data on Amazon Web Services (AWS) due to our specific expertise and confidence hosting applications there.

Tracing.co.nz is built with the usual rigour we put into developing applications, which includes quality assurance processes such as peer and code reviewing any changes before they can be deployed. Secure coding best practices, like the OWASP Top 10 Web Application Application Security Risk, are also considered during development to ensure the application mitigates those risks.

Under our hosting agreement with AWS, we subscribe to the AWS Shared Responsibility Model, where AWS is responsible for security ‘of’ the cloud and MS is responsible for security ‘in’ the cloud.

AWS infrastructure follows the AWS Well-Architected Framework’s best practices outlined in the security pillar. Identity and Access Management (IAM) requires Multi-Factor Authentication (MFA) for all access to the AWS Management Console. Policies are configured to allow least privilege permissions. Security is applied at all layers instead of a single outer layer. Implementation of controls is defined and managed as version-controlled templates in code repository.

You can visit AWS's Cloud Security page for more information.