The Digital Marketplace is being delivered to make it easier for government and digital businesses to work together. We value transparency while also taking security seriously. This document describes the practices we employ to help ensure the security of our users’ data.
Open sourceBack to top of page ↑
All code behind the Digital Marketplace is open source and available on Github. The original project was forked from a version of the Digital Marketplace UK, a service that has successfully been running for a number of years. A full log of all changes since the code was forked is available on our GitHub repository.
Raising issuesBack to top of page ↑
Any member of the public is able to log an issue on GitHub for the Digital Marketplace. Whether it be a bug, feature request or security concern our team is ready to respond in a timely manner to all issues. Alternatively, you can email us at firstname.lastname@example.org.
Security auditsBack to top of page ↑
The Digital Marketplace is regularly audited for vulnerabilities at source code level by the internal DTA Security Team. A full audit was completed for the Beta release. Periodic audits are now scheduled on new features on the live release. Any security bugs that are raised during these audits are fixed and deployed in a timely manner.
Secure cloudBack to top of page ↑
The Marketplace site is deployed to a secure Amazon Web Services (AWS) environment. It uses a combination of AWS services and services that are provided by the DTA cloud platform (Cloud Foundry). The database that contains all user data has restricted access and is periodically backed up.
Status and incident updatesBack to top of page ↑
The current status of the Digital Marketplace site can be viewed at http://status.cloud.gov.au. We publish our service availability in real time. If there is downtime for any reason, an incident will be raised on this site with regular updates until the service is restored.
MonitoringBack to top of page ↑
The Digital Marketplace is continually monitored by a range of tools that immediately notify the team of any errors or changes to performance that could affect the Digital Marketplace service.
Zero downtimeBack to top of page ↑
The Digital Marketplace has a policy of zero downtime deployments. This means there’s no interruption when the site is being updated. The Digital Marketplace team regularly update the site, typically on a daily basis, and can quickly respond to any issues.
FeedbackBack to top of page ↑
The Digital Marketplace is an agile development, which means it evolves in response to the needs of its users. If you have any feedback or questions relating to this document (or any other Digital Marketplace matters) else email email@example.com.
Updated: 1 June 2018