At ROLLER, we consider data integrity and security to be of utmost importance, which is why we’ve chosen to host our platform with Amazon Web Services (AWS), one of the most secure cloud computing environments available today.


CLOUD SECURITY

 
The AWS cloud infrastructure is housed in AWS’s data centres, designed to provide the highest availability while putting strong safeguards in place regarding customer privacy and segregation. The infrastructure is protected by extensive network and security monitoring systems, and is continuously scanned and tested.

AWS builds its data centres in multiple geographic regions as well as across multiple Availability Zones within each region to offer maximum resiliency against system outages. AWS designs its data centres with significant excess bandwidth connections so that if a major disruption occurs there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.

Further information about AWS infrastructure can be found here (https://aws.amazon.com/security)
 

COMPLIANCE

 
AWS systems and data centres adhere to the most stringent compliance programs, with certifications from accreditation bodies across geographies and verticals, including but not limited to:

  • PCI DSS Level 1
  • SOC 1 / ISAE 3402
  • SOC 2
  • SOC 3
  • IRAP (Australia)
  • ISO 9001:2008
  • ISO 27001:2013
  • ISO 27017:2015
  • ISO 27018:2014
  • MTCS Tier 3 Certification (Singapore)
  • MLPS Level 3 (China)

Further information about AWS Compliance Certifications can be found here (https://aws.amazon.com/compliance/)
 

WEB AND MOBILE APPLICATION DEVELOPMENT

 
ROLLER is committed to designing, building, and maintaining secure systems for our clients.

  • All applications are regularly scanned for common security vulnerabilities including the OWASP Top Ten.
  • Regular training on Secure Coding Practices is provided. All engineers must attend the training sessions.
  • No credit card information is permitted to be stored on any mobile device.
  • Use of encryption for both storage and transmission of sensitive information is regularly audited.
  • All access to test and production environments is secured by multi-factor authentication (MFA) and is only available to our senior engineers who have security clearance.
 
ENCRYPTION

 
ROLLER uses strong encryption methods and key management procedures to ensure your sensitive information is protected.

  • ROLLER’s website and APIs are accessible via a 256-bit SSL certificate issued by GeoTrust.
  • Credit card information never passes through our servers (it goes directly to the payment gateway) and is therefore never stored by our servers.
     
INCIDENT RESPONSE 

 
While we don’t anticipate there ever being a breach of our systems, we know that no computer system is perfectly secure.

  • In the event of a breach of ROLLER’s platform, we have a detailed Incident Response plan in place.
  • The response plan is tested periodically.
  • ROLLER has 24×7 monitoring of its services and immediate alerts.

 

PCI DSS

Roller operates in accordance with the controls recommended by the PCI Security Standards Council. https://www.pcisecuritystandards.org

It is the responsibility of all customers to protect the security of cardholder data and to maintain information on how a service provider possesses or otherwise stores, processes, or transmits that data on behalf of the customer, or to the extent that it could impact the security of the customer’s cardholder data environment.

Roller conducts an annual review of its compliance using an independent Qualified Security Assessor (QSA) from Privasec Pty. Ltd. 

If you have any questions or would like a copy of Roller's AOC, please email our legal and compliance team at security@rollerdigital.com.