PX4 Security
What about PX4’s security, you ask?
PX4 operates with a robust Information Security Management System. All practices, policies and internal procedures align with the ISO 27001:2022 standard, the international benchmark for Information Security Systems. In 2024, PX4 received formal ISO 27001:2022 Certification, located here.
Here are just some of the security practices we’ve invested in:
Being a cloud-based (SaaS) service, we understand the need for the highest levels of IT security, and this is built into all of our systems and processes and reflected in our contractual terms.
Reliable, secure and encrypted data storage (according to encryption standards, stored in Sydney, Australia and hosted by globally recognised server provider Azure).
All data are backed up on external servers and are copied in triplicate for redundancy (just in case something goes wrong for us – or in a client environment!).
PX4 arranges regular and independent (third-party) system penetration testing. Our clients also conduct penetration and security testing, and we welcome that.
ISO 27001:2022 Certified. The international standard to manage information security.
Regular information security and cyber awareness training for all PX4 staff.
An information security framework (referencing the OWASP, ISO 38500 and COBIT frameworks, and ISO 27001:2022 certification).
Regular information and system security risk reviews and implementation of treatment plans and strategies.
Regular vulnerability scans over public interfaces and customer supporting systems and infrastructure.
A security and/or critical incident response notification, investigation and resolution system.
Regular testing of PX4’s data recovery service.
PX4 maintains a flexible data retention & destruction policy that can be amended or modified to suit our clients’ business needs. PX4 retains data for six (6) months after termination of a subscription.
All software and hardware tasks are tracked using JIRA (in line with best practice).
Tokenised access for users with different tiered access (administrator / editor / viewer) with company level access and control of all data.
Passwords are set to a high complexity pattern, and multi-factor authentication is required to log in from a new device or a new IP address.
Client data are logically separated to eliminate potential cross over access.
All updates to data by any PX4 user are logged in a comprehensive and reportable audit trail. This means that from day one every change made to each client’s environment is logged and tracked.
The target service level agreement (SLA) for uptime and support is defined as 98% and above; however, PX4 availability is 100% over any 12-month period.
We guarantee no planned outages – PX4 software can be updated without the need for system outages.
Customer data is only accessible on an operational ‘need to know’ basis. Access to distinct cloud storage areas and encrypted passwords is restricted by individual employee. This access is restricted and managed by senior staff, and includes routine review.
PX4 regularly undertakes internal testing and security reviews, such as automated vulnerability scans to detect known CVEs, open ports and application-level security weaknesses.
PX4’s insurances cover public liability, professional indemnity and product liability (& cyber security).
The leading product in the mining and exploration industry
PX4 Software’s dedicated, professional and highly experienced team uses the power of the PX4 Engine to deliver the best possible solution for our clients.