Ballot Engine™ - developed from the ground up
We are committed to information security. Our proactive approach to data protection means that we build our software using the best available security technology.
Ballot Engine™ is developed under a software quality and security assurance (SQSA) program. We apply Open Web Application Security Project (OWASP) industry standard secure coding guidelines and release cycle testing using automated, manual and exploratory testing techniques to reduce risk within the software development cycle.
Ongoing assurance is provided via the engagement of third-party CREST-accredited security partners for annual as well as on-demand security testing.
CorpVote maintains a robust, secure and reliable network infrastructure with our hosting partner. Our partner is ISO 27001 certified and is validated as a Level 1 service provider under the Payment Card Industry Data Security Standard (PCI DSS).
Our partner undergoes annual System and Organisation Control audits (SOC 1 and SOC 2). This independent third-party technology audit ensures compliance with best practice for the security of network assets and the CorpVote system.
Monitoring and logging
We continuously monitor our security systems, event logs, notifications and alerts from all systems to identify and manage any emerging threats.
Log aggregation technology provides a full, compliance-ready activity log that streamlines compliance reporting and any investigation, should it be required.
These features keep us informed across our environment and help us improve our security posture while reducing our risk profile.
Scalability and reliability
Built on autoscaling and load balancing infrastructure, Ballot Engine™ can be scaled up or down based on demand.
By using security hardened instances backed by a robust patching policy, we are able to ensure the reliability of our infrastructure over time.
We use the world’s fastest managed DNS provider to maximise our voting application’s performance.
Ballot Engine™ employs DNS-level security such as DNSSEC, WAF, HTTP/2, TLS 1.3, DDoS attack protection and load balancing features.
We apply additional security layers to your data at rest and in transit, providing scalable and efficient encryption features to protect your data at all times.
We use certificated TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest.
All our applications and infrastructure are hosted in Australia and subject to Australian law.
We can deliver isolated instances of our secure platform in any region of the world as required.
Understanding which laws are being applied to your personal data and voting transactions is important.
Our security engagement program enables organisations to review our security credentials and assess our compliance with their own security requirements.
The program allows organisations to evaluate our technology and IT security approach promptly. We will provide all the information you need to be assured that your security is our priority.