- On March 5, 2020
How secure is your data? Are you compliant with all the relevant laws and policies? Read on to see how Smartabase is setting a new industry standard for Athlete Management Systems and security in sports technology.
SECURE BY DESIGN
Fusion Sport takes the security, performance and reliability of our technology platforms extremely seriously. We continue to invest heavily in our security program to ensure our products meet the industry best practices and standards that apply to the data environments of our most regulated customers.
We’ve taken the time to work through the various security, privacy and compliance considerations that come with managing human performance data in the modern world and consolidated them all into the robust Fusion Sport Security Framework. Our experienced Information Technology and Security staff oversee the framework’s implementation across our company and its product suite.
Smartabase offers powerful security features:
- Single sign-on and enhanced application access security
- Administration capabilities with group and role-based access control (ABAC)
- Multi-factor authentication available
- Full encryption on all data in transit and at rest
- High availability infrastructure by default
- Robust backup systems with full backup encryption to ensure maximum data redundancy
- Data backups compressed then encrypted to ensure they cannot be compromised
- 24×7 active threat monitoring and alerting
- Comprehensive audit trails
- Built-in license auditing options for authorized client administrators to retrieve a report on all user accounts, including which groups and roles they have access to and the last login date for every user account
- More in development – watch this space
Smartabase is set apart by Fusion Sport’s dedication to our secure development practices that align with our secure-by-design philosophy. We develop each of our products with the security and privacy of our customers and users in mind.
Some of the standards reflected in our software development processes include:
- ISO 9000 and ISO 27001
- NIST 800-53 and FedRAMP
- Trust Services Criteria
- GDPR, HIPAA and PIPEDA
ROBUST SYSTEM ARCHITECTURE & INFRASTRUCTURE
Fusion Sport aligns its infrastructure security policies with the Australian Government’s Protective Security Policy Framework and the Australian Cyber Security Centre’s Information Security Manual. To meet these high standards, Fusion Sport partners with globally recognised commercial cloud hosting providers, including Amazon Web Services (AWS), which maintains relevant certifications for globally recognized compliance standards and regulations. The most current information on AWS infrastructure compliance is kept on their website, www.aws.amazon.com.
Smartabase is provided as a Software-as-a-Service (SaaS). Depending on the IT requirements of your organisation, the product can be hosted in your local data center or virtually in a designated public or private cloud.
If you would like more detail or have questions on any of the above, please email firstname.lastname@example.org or contact your lead Sport Science Consultant directly for more information.
DATA PRIVACY LAWS & COMPLIANCE
Our technology platforms allow our customers to securely capture, store, analyse, share and understand the human performance data that is important to them. When that data falls under one or more data protection laws, Fusion Sport aims to give users the tools they need to meet compliance requirements with confidence.
The governing bodies behind these data protection laws have the expectation that data will be managed strictly according to their regulations as part of a wider cyber security program that also prioritizes good corporate governance and effective cyber security controls. Fusion Sport’s Security Framework considers and maintains industry best practices and standards that apply to the data environments of our most regulated customers.
How does Smartabase help my organisation meet the data privacy requirements for my region?
North America:
- HIPAA and PIPEDA – Smartabase is currently compliant through self-attestation. Achieving HITRUST certification is on the Fusion Sport Assurance Roadmap for 2021.
- Business Associate Agreement (BAA) – Fusion Sport is more than happy to enter into an appropriate Business Associate Agreement with its North American clients upon request to help them meet their data protection requirements.
- Safe Harbor – AWS (Fusion Sport’s preferred cloud hosting provider) is a participant in the Safe Harbor programs developed by the US Department of Commerce and the European Union/Switzerland.
Europe & the United Kingdom:
- GDPR – When handling personal data on behalf of a European citizen, Fusion Sport acts as a Data Processor under the EU General Data Protection Regulation 2016/679 (GDPR). Fusion Sport is more than happy to enter into an appropriate Data Processing Agreement with its clients upon request to help them meet their data protection requirements.
- UK Data Protection Act – Fusion Sport is a Registered Data Controller with the Information Commission in the United Kingdom. We are registered under the UK Data Protection Act, registration number ZA286179.
Australia and New Zealand:
- Privacy Acts – Fusion Sport manages privacy compliance in accordance with these complementary privacy acts: the Privacy Act 1988 (Cth) (the Privacy Act) and the New Zealand Privacy Act 1993, and their associated privacy principles.
FURTHER SECURITY SUPPORT
In addition to our frameworks and processes detailed above, Fusion Sport can assist our clients with the following:
- Security Policies – Fusion Sport’s Security Framework is underpinned by policies that give direction to all security efforts of our organization. Our Information Security Policy can be made available upon request.
- Customer Audits – As part of an existing legal obligation or agreement, Fusion Sport is happy to provide all information necessary to demonstrate compliance with our obligations. This includes inspections by a customer organization, or an accredited third-party auditor agreed to between Fusion Sport and the organization, in relation to the processing of personal data by the contracted processors.
- Data Protection Impact Assessment (DPIA) – Fusion Sport is happy to assist our clients in the process of carrying out a DPIA by providing advice and any necessary information, where appropriate. Fusion Sport as a Data Processor will work closely with your Data Protection Officer, Information Security staff, legal advisors and/or DPIA representative to provide advice on your DPIA.
What has always set Smartabase apart and kept athlete and operator data secure is our dedication to secure development practices that align with our secure-by-design philosophy. Fusion Sport is governed by a clear framework that consolidates the many compliance requirements, system procedures and data management practices followed by our skilled Systems Administration and Security team and throughout our organisation.
The security of our products sets a new industry standard in Athlete Management Systems, Electronic Medical Records and sports technology products. Find out more by contacting us now.