I-RAP Security Accreditation
NGA.NET has achieved I-RAP Accreditation (a high-level security accreditation administered by the DSD for IT suppliers to Commonwealth Government Departments and Agencies) for the supply of e-Recruitment solutions to the Australian Federal Police.
NGA.NET software products use a defense-in-depth approach to IT security.
Within the NGA.NET eRecruit application, client data is protected in three key areas:
At the NGA.NET eRecruit Server
- Production hardware is installed in four locked cabinets in a secure commercial data centre.
- The production network firewall is maintained by a third-party specialist and is configured to allow only ports 80/443 inbound.
- Anti-virus scanning of all uploaded files, together with routine system-wide scans. Anti-virus signatures are checked for updates every 4 hours.
- No access is available from the eRecruit application to the underlying infrastructure or database layers regardless of access level.
- User logins are created for the particular NGA.NET product client implementation at the application level and therefore access can only be granted for the particular client’s implementation. Thus users with privileged access can only view information relevant to their implementation.
During Transmission between the NGA.NET eRecruit Server and the end user
- NGA.NET provide and recommend SSL encryption between the application server and the client’s browser.
At the end user, NGA.NET eRecruit:
- supports standard password controls, including password expiry, invalid attempt lockout, password construction requirements, etc.
- supports IP address locking for configuration/administrative access (i.e. the client portal, non-candidate access) to prevent access by authorised users from non-client premises.
- can be configured for session timeout due to inactivity.
- SQL injection exploits and URL-based querying from the application server are trapped and blocked.
- Audit trail of user actions within the eRecruit application.