Security Policy

Data security and protection

We at Class Super are committed to maintaining a secure environment for transmission of data between our service and you and for storage of data at all times. We take a malifaceted approach to meet this commitment. A fundamental element of safeguarding your confidential information is to provide protection against unauthorised access or use of this information. Unauthorised access takes many forms and requires a comprehensive response:

In-transit data-transmission:
Sensitive information is encrypted during transmission over the Internet, because it is easy and common for a hacker to intercept and/or divert data while in transit.
Strong cryptography is used for B2B transfers of customer data as well as end-user point-to-point transmission channels. The encryption used for end-user Web access takes the form of TLS encryption using strong ciphers with older vulnerable protocols being disabled.

Authentication and authorisation:
Class Super’s entire system is based on the concept of access on a need-to-know basis only. This is coupled with the use of privileges based on individual credentials. These are mapped in a highly granular fashion to ensure an individual user has access to only the data that they are entitled to view and modify. Clients are entirely partitioned off from each-other.
This is a logical partitioning. Our access control mechanism conforms to a rigidly implemented Business, Brand, Fund hierarchy. These elements permeate the system and prevent any unauthorised access.

Intrusion and system vulnerabilities:
Class conducts various activities to guard against these vulnerabilities. These largely fall into four areas:

• Topologies and devices: Network design and configuration
• Change Control: Process and procedure safeguards
• Vulnerability management: Regular security patches, Periodic Penetration Tests, Password Strength measures, Control of Credentials.
• Defense in depth: In addition to these specific individual areas, we use a layered architecture (with a clear separation of User Interface, Business Logic and Data Access code) which prevents against most opportunistic intrusion techniques such as SQL injection. Appropriate validation is also used to guard against such attacks.

Hardware and system failure:
Class expressly protects against two specific risks – loss of system availability and loss of data. The measures below apply to both risks.
Class operates a High Availability system. Hardware redundancy exists at all layers, and in most cases failover is automatic.
Class’ redundant database hardware receives an automatic data replication which duplicates the production data with a Business-Day Respose Point Objective (RPO) of fifteen minutes.
The automatic data replication service also targets two off-site locations (with the same PRO).
One of those offsite locations is Class’ Disaster Recovery (DR) site. This is located in another state and if a Disaster occurs that permanently disables Class’ primary production location then operations can be shifted to the DR site.

Questions or comments
If you have any questions of comments concerning Class’ Data Security and Protection please contact us at support@classsuper.com.au