We place a strong emphasis on safeguarding your data, with comprehensive compliance measures in place to maintain its security.
Pen Testing
Satori performs regular penetration testing to maintain a secure and dependable platform. These assessments are intended to enhance protection, secure data, and respond to evolving threats.
Regular security audits and independent reviews
Satori completes routine audits and independent reviews to assess the effectiveness of its security controls. These evaluations verify compliance with industry standards and provide transparency in how your data is managed.
User Permissions and Least-Privilege Access Control
We ensure access to your data is limited to authorised personnel only through adaptable permissions and robust access controls. These capabilities help define responsibilities, enforce boundaries, and safeguard sensitive information.
FAQ’s
Who has access to my data?
Your data remains private and protected. Satori ensures that no unauthorised individuals, including Satori staff, can access or alter your records.
Is Satori compliant with industry security standards?
Yes. Satori is certified to ISO 27001:2022.
How does Satori ensure secure user authentication?
Satori provides multi-factor authentication, session timeouts, and encrypted credentials. IP whitelisting is also available to enhance security.
Can I control which team members have access to Satori?
Yes, you have complete control over user roles and permissions, with the ability to add, modify, or remove users as required.
Can I track changes made through Satori?
Yes. Satori maintains activity logs that capture both merges and user actions for full visibility.
Where is my data processed and stored?
Your data is hosted and processed within Microsoft Azure and AWS data centres located in Australia.
What happens if there is a security breach?
In the event of a security breach, Satori follows a defined Incident Response Plan aligned with ISO 27001 standards:
- Detection and reporting: Incidents are reported immediately and categorised based on severity.
- Containment and mitigation: The Incident Response Team (IRT) evaluates impact and implements rollback or containment actions where required.
- Investigation and root cause analysis: Logs and evidence are analysed to identify the cause and prevent recurrence.
- Communication and notification: Affected users, regulators, and internal stakeholders are notified in accordance with legal obligations.
- Remediation and prevention: Weaknesses are addressed, monitoring is strengthened, and preventative controls are introduced.
- Post-incident review: Outcomes are documented and lessons learned are incorporated into future practices.
- Compliance and audit: All incident responses are recorded to support audit requirements and regulatory compliance.