Security
The security, integrity, and availability of your data are our top priorities.
We know how vital it is to your business success. To ensure you never have to worry, we use a multi-layered approach to protect and monitor all your information.
- We strive to follow industry best practices when it comes to security and compliance using frameworks and guidelines such as OWASP, NIST, CIS, and CSA.
- Data protection: Your data is protected in rest by AES256 encryption and in transfer using TLS 1.2
- Our SOC, security operations center, is staffed 24/7 and is a centralised unit that deals with security issues on an organizational and technical level. Tasks include but not limited to: Weekly Vulnerability scans, Log analysis, anomaly detection, pattern deviation, threat hunting, firewall rule monitoring, deviation in port openings, and impossible logins.
- Security penetrations tests are performed at least annually by a third party.
- Continuous improvements are carried out by conduction security architecture review, threat intelligence & threat monitoring.
- Security Awareness training – Mandatory yearly training for all users and additional specific training for operations, support and security staff.
- Crisis Management and Incident Management Training for staff are done with both tabletop exercises and different types of gamification.
Personal data Guni receives in connection with your submission will be retained and protected under the company’s privacy policies and any applicable laws
A Guni representative will acknowledge receipt as soon as possible, typically within 48 hours.
Contact details: security@guni.com.au
Submit any vulnerability information following these guidelines:
- Do not engage in any activity that can potentially cause harm to Guni, our customers, our employees, or our bulk SMS services.
- Do not engage in any activity that can potentially stop or degrade Guni services, products, systems, or assets.
- Do not engage in any activity that violates
- federal or state laws or regulations or
- the laws or regulations of any country where
- Guni data, services, assets or systems reside,
- Guni data traffic is routed or
- the researcher is conducting research activity.
- Do not store, share, compromise or destroy Guni or customer data. If Personally Identifiable Information (PII) is encountered, you should immediately halt your activity and contact Guni.
- Do not initiate a fraudulent financial transaction.
- Provide Guni reasonable time to fix any reported issue, before such information is shared with a third party or disclosed publicly.
Certifications
Guni cloud communications platform for messaging and Guni Operator Software is certified under the framework established by an Information Security Management System conforming to ISO/IEC 27001 – 2022. Certificate No: SCK/05/GDP/24/61/1648
Guni believes certification is key to displaying our best practice in Information Security Management and our commitment to building customer trust.
What is ISO 27001?
The ISO 27001 certificate is the most globally recognised information security standard defined by the International Organization for Standardization (ISO). As the top certification for Information Security.
Management Systems (ISMS), it prescribes a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes, and IT systems by applying a risk management process.
Our Data Centre vendor (AWS) – Sydney/Melbourne is accredited with the following assurance programs/standards:
- PCI DSS Level 1
- SOC 1/ ISAE 3402
- SOC 2
- SOC 3
- IRAP (Australia)
- ISO 9001
- ISO 27001
- MTCS Tier 3 Certification
- FERPA
- ITAR
- Section 508 / VPAT
- FedRAMP (SM)
- DIACAP and FISMA
- NIST
- CJIS
- FIPS 140-2
- DoD CSM Levels 1-2, 3-5
- G-Cloud
- IT – Grundschutz
- MPAA
- CSA
- Cyber Essentials Plus
- Regulation 2016/679 of the European Parliament
What does this mean for you as a customer?
We take the security of your information seriously and have implemented sophisticated security measures to safeguard it. We want our customers to rely on and fully trust our technology and services.
Getting ISO 27001 certified is a testament to the fact that Guni prioritizes data security. But it also ensures that we:
- Protect customer data rigorously
- Assess, minimize, and eliminate risks and vulnerabilities
- Work continuously with our security maturity
- Achieve operational excellence regarding our IT, HR, and information processes
Continuous improvement
Our mission to security doesn’t end here. Information security is an ongoing process and we will keep working hard to maintain and exceed our standards to protect both company and customer data. Yearly audits will be performed by an external auditor to attest to our continuous compliance as we continue to develop and grow our business.
Business Continuity
Guni has a business continuity plan in place that is tested and updated at least annually. The business continuity plan is available upon request.
Benefits we have already realized in the process
Guni now has the freedom to operate without the use of its global office network. Through our business continuity planning, we have freed ourselves from the physical office and can securely offer Guni services to our clients in the event of natural disasters or pandemics
Get Live Demo
See how you can send SMS campaign in less than 5 minutes!
