⸺ Security

Our Security

We take data security seriously. Our dedicated security team follows industry best practices and has adopted controls to keep our customers' data secure.

Enterprise-grade security
Applied at every phase of the SDLC

  • AES-256: data encryption standard
  • TLS 1.2: transport layer security
  • 3 global regions
  • 24/7 incident monitoring

  • ISO 27001:2022
  • SOC2 Type II
  • PCI-DSS SAQ A
  • GDPR Compliant

⸺ Our Approach

Security operations and best practices

Security practices are applied at every phase of the software development lifecycle, from requirements gathering to deployment and beyond.

Secure Software Development

  • Security requirements gathered at the earliest stages of development
  • Risk identification during design through threat modelling and attack surface analysis
  • Input validation controls incorporated into system design
  • Development teams use frameworks requiring secure coding practices
  • Code reviewed and tested by someone independent of the source code author
  • Automated security testing verifies controls are functioning as expected
  • Vulnerabilities identified and patched within strict timeframes monitored by the security team

Security Lifecycle

  • Requirements: Security requirements gathered at project inception
  • Design: Threat modelling and attack surface analysis
  • Development: Secure coding frameworks and peer code review
  • Testing: Automated security testing and validation
  • Operations: Continuous monitoring and rapid patch management

Secure Software Development

We maintain a comprehensive inventory of information assets and follow industry-recommended operational security practices aligned with our security certification programs.

⸺ Certifications

Applicable International Standards

We apply internationally recognised standards across our product development processes and operational environments.

Certified

ISO 27001:2022

We are ISO 27001 certified. This standard sets out the specification for an effective Information Security Management System (ISMS).

Certified

SOC2 Type II

We are SOC2 certified. This cybersecurity standard defines the criteria for managing customer data based on five trust service principles.

Compliant

PCI-DSS

Our platform is PCI-DSS SAQ A compliant, ensuring secure integration with trusted payment providers and protecting cardholder data.

⸺ Platform

Platform and network security

Different members, different expectations, different growth pressures. Marketplacer is built to meet that complexity — whether you run a frequent flyer program, a telco membership scheme, a financial services rewards offering, or a health fund benefits program.

Security Testing

Penetration testing forms part of our continual improvement strategy and helps strengthen our overall security posture.

  • Periodic penetration tests across all applications
  • Timely remediation of discovered vulnerabilities
  • External security researcher program
  • Responsible Disclosure Policy for vulnerability reporting

Security Incident & Response Management

We have implemented safeguards to reduce vulnerabilities and protect customer data. Our Security Incident Response Procedure is designed to:

  • Minimise incident duration and impact
  • Contain and eradicate threats rapidly
  • Restore systems and services efficiently
  • Communicate with affected customers when required
  • Undergo regular testing to identify gaps and drive continual improvement

⸺ Partners

Technology partners

We partner with industry-leading providers to strengthen platform security and protect customer data. A complete Global Sub-processor List is available upon request.

Amazon Web Services

Our primary cloud infrastructure provider. AWS delivers the scalability, reliability, and security foundations that power the Marketplacer platform globally.

Snowflake

Enterprise data platform supporting secure, governed data storage and analytics across our platform operations.

Cloudflare

Network security and performance partner providing DDoS protection, WAF capabilities, and global content delivery for our platform.

⸺ Reliability

Platform and network security

Platform resilience and availability are top priorities. We maintain comprehensive plans to ensure continuity even in the face of unexpected disruptions.

Business Continuity Planning

We recognise that disruptions can occur unexpectedly. Our Business Continuity Management (BCP) Policy and Plan includes:

  • Recovery procedures for essential operations
  • Defined response teams and responsibilities
  • Annual testing and validation exercises
  • Ongoing review and improvement processes

Disaster Recovery

We maintain a Disaster Recovery Plan to restore platform operations following a major incident with minimal operational impact.

  • Regular disaster recovery testing
  • Continuous improvement and gap remediation
  • AWS failover capabilities across availability zones in AU, EU & U.

⸺ Product Security

Security in our products

Enterprise-grade security controls built directly into the Marketplacer platform.

Endpoint Security

Our platform includes antivirus protection and endpoint detection and response (EDR) capabilities, providing enhanced visibility and protection across all endpoints.

Antivirus

EDR

Monitoring

Security Incident & Response Management

AES-256

TLS 1.2

At Rest & In Transit

SAML Single Sign-On

Marketplacer integrates with your SAML SSO provider to centralise authentication and provide full visibility into platform access activity.

SAML 2.0

SSO

MFA

Customised User Permissions

Flexible user roles and permissions allow organisations to precisely control access to specific platform areas and functionality.

Role-Based Access

Least Privilege

Audit Logs

⸺ Our Approach

Security management program

We have developed a Security Management Program based on these recognised industry standards and regulations: ISO 27001, SOC2, PCI-DSS and GDPR. Our security policy and practice go through an extensive review every year. We hold ISO 27001:2022, SOC2 Type I and PCI-DSS certifications.

Business Continuity Planning

We value the security researcher community. Our Responsible Disclosure Policy provides guidelines on how to report a security vulnerability or bug affecting Marketplacer products and services.

Cybersecurity Framework

We have adopted the NIST Cybersecurity Framework to strengthen cybersecurity operations and support ongoing risk management. Our SOC2 program ensures customer data is managed securely through established controls and processes.