Privacy and Security for PACFA members

PACFA understands the uncompromising need for its members' information to remain private and secure. This is why PACFA's membership database and website platform, iMIS EMS, is certified under the International Organisation for Standardisation’s (ISO) global standards for information security management systems.

Advanced Solutions International (ASI), the company that owns iMIS, has had our iMIS version certified against the standard which "specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organisation."

The standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organisation.

ASI believes that iMIS is the only platform of its kind to have achieved this benchmark, representing the highest standard for information security.

While ASI meets the highest standard of information and data security, it is important that members take their own steps to protect their personal information, by not sharing their login and password.

In addition to certification against the international standard, ASI’s protocols for iMIS to safeguard the system include: 

  • Secure development and testing policies in accordance with Open Web Application Security Project® guidelines

  • Conducting quarterly internal web application penetration testing

  • Engaging a third party on an annual basis to perform web application penetration testing

  • Engaging a third party on an annual basis to perform full penetration testing of every regional production operations environment

  • Deploying SentinelOne Managed Detection Response (MDR) antimalware agents on every endpoint in all ASI networks

  • Partnering with Critical Start and their global Security Operations Center to continuously monitor the SentinelOne MDR agents

  • Reinforcing security protections with Azure Security Center deployed across all app services, SQL Server Databases, key vaults, and container registries in every regional production operations environment

  • All Cloud Standard sites are protected behind a CloudFlare Web Application Firewall (WAF) to stop attacks before access is granted to any page on any iMIS website

  • Conducting file integrity monitoring with the LogRhythm Security Information and Event Management (SIEM) and aggregates all monitored logs.