Data and security – overview
Microsoft Azure Infrastructure Security
Our technology runs exclusively on the Microsoft Azure platform, with our software running on Microsoft’s servers in Australia. For full, up-to-date security documentation, please visit the Microsoft Azure Security Documentation page. Here, you will find overviews of storage, network and data encryption policies, amongst other useful information.
All communications between KPI Works servers and the end users are encrypted using SSL, with our portals accessible only via an HTTPS connection. All data is encrypted in transit and at rest.
All user passwords are encrypted, both in transit and at rest, and are not visible in text format to the KPI Works team. Industry-standard strong password requirements are in place for all end users. Temporary and permanent lock-out systems help prevent unauthorised use. Scheduled forced password resets can be enabled on request.
Access to Data
Our proprietary permissions framework ensures all users gain access only to the data they require access to, and no more. Separate permissions define a user’s ability to load and re-load data. All access to KPI Works portals is logged and monitored in real time.
The primary sources of data in any KPI Works portal are the participating end users, and the data loaded by them is not verified by KPI Works. To do our best to promote data integrity, automatic data-check algorithms are set up in consultation with you at the beginning of each project and these prevent certain types of invalid data from being entered.