End-to-End Security

OmniStar is hosted entirely on Amazon Web Services (AWS), providing end-to-end security and privacy features built in. Our team takes additional proactive measures to ensure a secure infrastructure environment. For additional, more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

IRAP compliance

Security and trust are integral at OmniStar. We have achieved PROTECTED classification level in Infosec Registered Assessors Program (IRAP) Assessment. Our continued IRAP Assessment ensures our organisational and technology controls are independently audited at least annually. Please contact us for OmniStar's latest report.

ISO certification

ISO 27001 is considered to be the highest international standard of information security as it relates to customer data. Following an extensive audit process the ISO 27001 certification confirm that OmniStar meets the highest international standards for security, reliability, quality, and trust. These certifications also prove OmniStar commitment to continuously improving its information security posture. Please contact us for OmniStar's latest report.

GDPR compliance

As a data processor, OmniStar is committed to GDPR compliance. We have implemented robust measures to protect personal data and respect the rights of data subjects. This includes comprehensive data processing agreements, state-of-the-art security measures, data minimization practices, and assistance with data subject rights. We have appointed a Data Protection Officer, conduct regular staff training, and maintain records of our data processing activities. Our commitment to GDPR compliance is integrated into our product development and business processes, ensuring ongoing protection of personal data entrusted to us by our clients.

Data center security

OmniStar customer data is hosted by Amazon Web Services (AWS), which is certified SOC 2 Type 2. AWS maintains an impressive list of reports, certifications, and third party assessments to ensure complete and ongoing state-of-the-art data center security.

AWS infrastructure is housed in Amazon-controlled data centers throughout the world, and the data centers themselves are secured with a variety of physical controls to prevent unauthorized access. More information on AWS data centers and their security controls can be found here. For additional, more specific details regarding AWS security, please refer to https://aws.amazon.com/security/.

Application security

All OmniStar web application communications are encrypted over TLS 1.2, which cannot be viewed by a third party and is the same level of encryption used by banks and financial institutions. All data for OmniStar is encrypted at rest using AES-256 encryption.

We actively monitor ongoing security, performance and availability 24/7/365. We run automated security testing on an ongoing basis. We also contract a third party for penetration testing. Regarding privacy, you can view our full privacy policy here.

Infrastructure Security

OmniStar's infrastructure is hosted in a fully redundant, secured environment, with access restricted to operations support staff only. This allows us to leverage complete data and access segregation, firewall protection, and other security features.

Encryption at Rest

Two-factor Authentication

Single Sign-on

Frequently asked questions

Yes. OmniStar is compliant with a range of security and data integrity standards and guidelines. These include:

  • SOC 1/ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP, and FedRAMP
  • PCI DSS Level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018
  • IRAP

Our data storage partner is AWS, and we host all our data onshore in Australia or in the United States depending on where the client is located and what laws need to be complied with.

A comprehensive API is available OOTB with OmniStar. The API provides a variety of functions including the ability to query, create, update and delete records in the system.

HMAC-based authentication is provided across the OmniStar APIs. This authentication method involves signing each HTTP request with a pre-shared secret key (and including a corresponding access key along with the request).

In addition to being able to change data within OmniStar, additional APIs exist to allow for registration and sign in so that these functions can be embedded natively on websites or alternative landing pages.

With the purchasing of the OmniStar Enterprise Reporting bundle, direct access to the OmniStar data warehouse is available through a variety of mechanisms including SQL Server Management Studio and PowerBI. Support for Amazon DMS replication to locations such as Azure Data Factory/Lake is also available.

All data is owned by you. We make various functions available so that the data can be easily exported in spreadsheet format with unique identifiers maintained so that referential links between records are maintained. We also provide an export service to extract the entire database in spreadsheet format should you require us to do the heavy lifting.

All data in OmniStar is backed-up every 15 mins and stored in replicated locations for a period of up to 7 years to provide long term recovery and compliance with various regulations.

Please refer to the FAQ “How does your platform work to ensure security and integrity of data”.

Yes, we have worked hard to ensure that OmniStar adheres to the highest security standards to protect illegal access. Please refer to the FAQ “How does your platform work to ensure security and integrity of data”. Regularly penetration testing is performed by independent security specialists. Vulnerability testing and static code analysis are performed on a weekly basis with any issues resolved within 2 days of being identified.

We will only access your data once permission has been obtained from you to do so. This is to assist with resolving support tickets that have been raised. We do not access your data any other time.

Various security guidelines and standards are tested regularly. Disaster recovery and business continuity are tested every quarter and annually respectively. Regularly penetration testing is performed by independent security specialists. Vulnerability testing and static code analysis are performed on a weekly basis with any issues resolved within 2 days of being identified.

We provide a set of standard data migration templates to facilitate quick and easy migration of data into OmniStar. Full support for this process is provided as a part of our implementation services. For more complex data sets, a bespoke OmniStar data migration tool is used to ingest and transform data into the platform.

Questions about security or compliance?

At OmniStar, we prioritise the security of our clients' data whilst maintaining optimal application performance and user experience. Our approach balances robust data protection measures with efficient system operation, ensuring a secure and responsive environment for our users. To discuss a vulnerability or other security concern, please review our vulnerability disclosure policy or contact us.