- Application – all data is stored on servers, and backup servers in Australia. CLASS can also ONLY be accessed via dedicated IP addresses (whitelisting). This is managed by NACLC and the developers.
- Permissions and User Accounts – Permissions (roles) set what each User can see and do in CLASS. This is managed by Centre Admins and the Helpdesk
- User Security – every person that uses CLASS must maintain strong passwords, anti-viral software, not share accounts and log out of CLASS when not in use
CLASS is a web- based, cloud application.
Security is a primary focus for all Users and Administrators.
There are multiple layers to CLASS security
Maintaining security is critical, Administrators act as gatekeeper for their users and permissions
There are a number of external security and legal standards that centres must comply with:
● The storage of data should comply with Australian Privacy Principles.
● Data will be hosted securely. Ideally in compliance with Australian Signals Directorate Cloud Services standards.
● The Hosting should comply with PII requirements of the sector.
● Data should be hosted in Australia – to meet above standards, and for the purpose of lowering data transfer times.
● Security and Data standards should be reviewed regularly (min 6 to 12 months) and reported to CEO / Board to ensure best possible compliance in the face of developments in the area of online security threats.