Security

At OwnHome we take security seriously. Our cyber security program is focused on keeping our systems and customer data safe. We’re happy to answer any questions about your security at security@ownhome.com or privacy at hello@ownhome.com.

Protecting your data

All our customer and financial data is hosted and stored in trusted cloud platforms/vendors. Platforms & vendors we use hold the highest cloud compliance certifications available, including but not limited to ISO27001, ISO27017, SOC 1/2/3, PCI DSS, HIPAA and GDPR. 

All data that OwnHome stores and transmits within the platform leverages AES-256 encryption for maximum protection and security. This encryption is at the FIPS 140-2 standard - the IT security standard for encrypting data during transits and persistence

Security Program

Our security program is continuously aligned, tested and iterated upon based on industry best practice.

The security frameworks we use as a benchmark: Australia Cyber Security Centre Essential 8, NIST Cybersecurity Framework, ISO/IEC 27001, SOC 2.

The security of our suppliers and partners can directly affect our own. We choose whom we work with carefully, and ensure that they also implement good security.

The fundamentals which we focus on are the following:

  • Controls on access to OwnHome systems and customer data using leading security standards such as VPNs, network control, and multi-factor authentication.
  • Encryption of all sensitive data (especially customer information) both in transit and at rest
  • Continuous logging and monitoring to detect controls failure and abnormal activities and to ensure timely response
  • CI/CD pipeline to enforce code security at every stage of the Software Development Lifecycle

Vulnerability Disclosure Program

We provide security researchers a process to formally disclose potential vulnerabilities, across any of our online platforms. If you are a security researcher, or simply have come across a vulnerability, then you may want to consult our disclosure program.