What about PX4’s security, you ask?
At PX4, we take the security of our system and the security of all client data very seriously. We know how important data security is to our clients and the individual users of PX4, and our company ethos places a very high priority on these matters. We’ll continue to invest heavily to make sure our systems are extremely reliable and all data is extremely secure.
Here are just some of the security practices we’ve invested in:
Being a cloud-based (SaaS) service, we understand the need for the highest levels of IT security, and this is built into our contractual terms
Reliable, secure and encrypted data storage (according to encryption standards, stored in Sydney, Australia and hosted by globally recognised server provider Vultr).
All data is backed up on external servers and is copied in triplicate for redundancy (just in case something goes wrong for us – or in our client’s environment!)
Regular and independent (third-party) system penetration testing. Our clients regularly conduct penetration and security testing, and we welcome that
Recognised information security certifications (i.e. SOC 2 and ISO 27001:2013 to be attained by early 2023)
Regular information security and cyber awareness training for all PX4 staff
An information security framework (referencing OWASP, ISO 38500, ISO 27001 and COBIT frameworks)
Regular information and system security risk reviews
Regular vulnerability scans over public interfaces and customer supporting systems and infrastructure
A security incident client notification system
Regular testing of PX4’s data recovery service
We maintain a flexible data storage policy that can be amended or modified to suit our client’s business needs. PX4 retains data for up to 60 days after termination of a subscription
Software and hardware changes are tracked using JIRA (in line with best practice)
Tokenised access for users with different tiered access (admin / editor / viewer) with company level access control to all data
Passwords are set to a high complexity pattern, and multi-factor authentication is required to log in with a new device or a new IP address
Data from different clients is logically separated to eliminate potential cross-over access
All updates to data by any PX4 user are logged in a comprehensive and reportable audit trail. This means that from day one every change made to each client’s environment is logged and tracked
The target service level agreement (SLA) for uptime and support is defined as 98% and above, though we are currently operating at 100% over more than 12 months
We guarantee no planned outages – our software can be updated without the need for client outages
Customer data is only accessible on an operational ‘need to know’ basis. Access to distinct cloud storage areas and encrypted passwords is restricted by individual employee. This access is managed by senior staff and includes routine review
PX4 regularly undertakes internal testing and security reviews, such as automated vulnerability scans to detect known CVEs, open ports and application-level security weaknesses
PX4’s insurances cover public liability, professional indemnity and product liability (& cyber security).
The leading product in the mining and exploration industry
PX4 Software’s dedicated, professional and highly experienced team uses the power of the PX4 Engine to deliver the best possible solution for our clients.