Cybersecurity is a continually evolving threat, and so we leverage the NIST Cybersecurity Framework as a foundation for managing and reducing security risks.

​

Physical Security & Data Hosting 

Amperfii’s services and data are hosted in Amazon Web Services (AWS) facilities in Sydney, Australia.

​

Logical Access 

Access to the Amperfii Production Network is restricted by an explicit need-to-know basis, utilizes principles of least privilege, is frequently audited and monitored, and is managed by our company directors.

 

Access to all digital assets including production infrastructure and services used by the Amperfii team leverages multi-factor authentication. Employees are subject to extensive background checks prior to employment.

​

Backup and DR

On an application level, Amperfii produces audit logs for all activity, ships logs for analysis and uses S3 for archival purposes. All actions taken on production consoles or in the Amperfii application are logged.

​

We back up customer data on an hourly basis and are able to recover and restore customer data in a DR event if required.

​

Permissions and Authentication 

Access to customer environments & data is limited to authorized privileged employees who are responsible for managing & supporting customer environments, and protected by multi-factor authentication.

​

Encryption

All data sent to or from Amperfii is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL. All stored customer data is encrypted at rest.

​

Vulnerability Scanning & Penetration Testing

Amperfii uses third party security tools to continuously scan for vulnerabilities. We engage with independent third-party security experts to perform detailed penetration tests on our application.

​

Security Incident Monitoring & Response  

Amperfii has monitoring in place to detect intrusion attempts across our cloud infrastructure.

 

In case of an alert, events are escalated to Amperfii providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.