Skip to main content
All CollectionsIT, Technical and BillingSecurity
How is IT security managed at Tribal Habits?
How is IT security managed at Tribal Habits?

Learn more about our approach to IT security and how to access our Security Portal.

Lou Monsour avatar
Written by Lou Monsour
Updated over a year ago

Tribal Habits’ approach to security is based on meeting the equivalent of ISO 27001 Certification standards. Please note that at this time, we have not applied for certification but have adopted an internal standard in line with ISO 27001 and will seek ISO 27001 formal certification at a future date.

Security Portal

You can review our detailed security processes and policies at our dedicated Security portal located at https://security.tribalhabits.com/.

Core Security Principles

Security at Tribal Habits is underpinned by the following eight core principles.

Secure Hosting

We host all data with Amazon Web Services in Sydney, Australia. AWS is the gold standard for SaaS platforms offering unparalleled built-in military-grade security options. This includes DDOS protection, customised firewalls, AI-driven intrusion protection, automated vulnerability scanning and more.

Default Encryption

All data stored (at rest) at Tribal Habits is encrypted by default using an industry-standard AES-256 encryption algorithm. This includes our database as well as all files, assets and code. All data transferred to users is encrypted via TLS security using a SHA2 certificate with a full 2048 bit key.

Secure Development

Our code is high quality from conception to deployment. We use automated static code analysis alongside human review to ensure best practices are implemented across code pushes. Responsive development means new features, resiliency improvements and bug fixes arrive weekly and seamlessly.

Continuous Monitoring

We monitor our security posture 24/7 via AWS Security Hub. This includes AWS Guardduty for real-time intrusion alerts and AWS Inspector for automated vulnerability reporting. We also engage independent 3rd party annual vulnerability and penetration testing.

Secure People

A critical part of security are our people. All Tribal Habits staff complete regular (semi-annual) training on information security, social media and phishing. Development teams undertake extra training on OWASP Top 10 and best practices in secure development principles.

Built-in Redundancy

Tribal Habits utilises AWS Elastic Beanstalk technology to distribute our platform across multiple instances and availability zones within the AWS infrastructure. Load balancers and auto-scaling rules ensure we have multiple failover instances to prevent outages. Our uptime is live and public.

Trusted Partners

While the vast majority of Tribal Habits code is developed internally, we integrate with selected trusted partners to provide world-class features when required. All our partners must have ISO 27001 or SOC 2 Type 2 certifications. Partners are integrated via secure Restful APIs with restricted access to key features.

Continuous Improvement

Our security practices are constantly under review, including analysis and reports from external third parties. We have detailed Incident Management and Disaster Recovery plans, including simulated incidents and game-day security training for our team. We regularly review and update our code with latest practices.

Did this answer your question?