Request a Demo
Request a Demo

Membes is committed to the security of the system itself, as well as the data it is entrusted to store.

Membes takes data security and privacy very seriously. While we don’t like to expose too much information in relation to infrastructure and processes relating to security of Membes (as this information can empower the very people we are trying to protect the system from), below is high level overview of how we secure the system and the data it stores.

Data Centre

Data Centre

  • Membes stores information and data critical to the ongoing operations of its customers. As such Membes has multiple points of redundancy built into its physical infrastructure to ensure minimal outage and maximum recovery even from a catastrophic event taking out entire data centres.

  • The Membes applications and databases are hosted by leaders in technology infrastructure (Amazon Web Services) providing the highest levels of security and monitoring of data centres and infrastructure.

  • DDOS mitigation and real time security threat monitoring and detection are in place at all of our data centres.

  • Membes has a documented "in case of nuclear attack on a data centre" application continuity plan.

Event Management

Application and Database

  • The Membes application and databases are housed within a secured VPC (Virtual Private Cloud) and can only be accessed by authorised individuals through a VPN (Virtual Private Network).

  • The Membes Application is secured by an industry leading WAF (Web Application Firewall).

  • The Membes database is secured within the VPC, is locked down so that it can be accessed from approved access points only and is secured behind three firewalls.

  • Membes development and maintenance adopts all industry best practices and standards in web application security, including but not limited to OWASP (owasp.org).

  • All data is backed up via a "Point-in-time recovery" backup regime. Backups never leave Australia nor the Membes secured VPC.

  • All traffic to and from the Membes system, and within the Membes system itself, is encrypted.

  • All sensitive information stored within the Membes system is encrypted or hashed at rest.

Website CMS

Processes and Protocols

  • Only a very limited number of authorised Membes employees can access production systems.

  • Any access to production systems is carried out under stringent protocols and processes.

  • 3rd party contractors or suppliers cannot access production systems under any circumstances.

  • All Membes developers and engineers are residents of Australia and are located in Australia at all times while accessing production systems.

Membes security is continually tested, benchmarked and monitored against the following industry standards:

  • The Open Web Application Security Project (OWASP) 
  • CWE/SANS Top 25 Most Dangerous Software Errors
  • The Open-Source Security Testing Methodology Manual (OSSTMM)
    SANS
    ISO 2700x
    National Institute of Standards and Technology Special
  • Publication 800-115 (NIST 800-115)
Data Centre Data Centre

  • Membes stores information and data critical to the ongoing operations of its customers. As such Membes has multiple points of redundancy built into its physical infrastructure to ensure minimal outage and maximum recovery even from a catastrophic event taking out entire data centres.

  • The Membes applications and databases are hosted by leaders in technology infrastructure (Amazon Web Services) providing the highest levels of security and monitoring of data centres and infrastructure.

  • DDOS mitigation and real time security threat monitoring and detection are in place at all of our data centres.

  • Membes has a documented "in case of nuclear attack on a data centre" application continuity plan.

Event Management Application and Database

  • The Membes application and databases are housed within a secured VPC (Virtual Private Cloud) and can only be accessed by authorised individuals through a VPN (Virtual Private Network).

  • The Membes Application is secured by an industry leading WAF (Web Application Firewall).

  • The Membes database is secured within the VPC, is locked down so that it can be accessed from approved access points only and is secured behind three firewalls.

  • Membes development and maintenance adopts all industry best practices and standards in web application security, including but not limited to OWASP (owasp.org).

  • All data is backed up via a "Point-in-time recovery" backup regime. Backups never leave Australia nor the Membes secured VPC.

  • All traffic to and from the Membes system, and within the Membes system itself, is encrypted.

  • All sensitive information stored within the Membes system is encrypted or hashed at rest.

Website CMS Processes and Protocols

  • Only a very limited number of authorised Membes employees can access production systems.

  • Any access to production systems is carried out under stringent protocols and processes.

  • 3rd party contractors or suppliers cannot access production systems under any circumstances.

  • All Membes developers and engineers are residents of Australia and are located in Australia at all times while accessing production systems.

Membes security is continually tested, benchmarked and monitored against the following industry standards:

  • The Open Web Application Security Project (OWASP) 
  • CWE/SANS Top 25 Most Dangerous Software Errors
  • The Open-Source Security Testing Methodology Manual (OSSTMM)
    SANS
    ISO 2700x
    National Institute of Standards and Technology Special
  • Publication 800-115 (NIST 800-115)

What you can do to protect your data

Cloud based software that is properly secured and follows current day best practices is very secure. So much so that it is almost impossible for someone with malicious intent to hack into a system through the Application or an infrastructure or application vulnerability. In recent times, an overwhelming majority of data breaches are carried out through the practice of "Social Hacking".

There are a number of things you can do in your organisation to mitigate risks of a data breach.

  • Each employee should have their own login to the system, and you should cancel or suspend all employee logins if they are no longer employed or on leave.
  • Employees should not share their password with others, even other employees.
  • Employees should update their password on a regular basis. (Membes forces period Administrator password updates).
  • Restrict the ability to download (extract or export) sensitive data only to those that need it. In-fact good practice is to provide only one employee the ability to export data from the system. Any other employees needing extracted data must go through this person and provide a reason for obtaining the exported data.
  • Exported data should only be saved to secured computers.
  • Where exported data is no longer needed it should be deleted.
  • Never send exported data as an email attachment. Always use secure file delivery services for this at all times.
  • Ensure a data privacy policy is received from any 3rd party service providers that you need to provide exported data to (such as an events co-ordinator, trainers etc).
  • Do not open attachments on emails if you do not know or trust the source of the email.
  • Do not install unauthorised software on any computers that are used to login to the Membes system.
  • Ensure anti-virus software is installed and kept up to date on any computers that are used to login to the Membes system.

Trusted by over 150 professional and trade associations globally

STAWA
AAAH logo 300 dpi
raes
ANZASW
VTIC
WineSA
NTHA
CASANZ
HIMAA_Logo
Lymphology
ACSNSW
ARAMA-Main-RGB
aoq
DAMA
ARCA
AETM
anzsnm
ASSCID-1
Consulting Surveyors National
arata
CEBA
anzssa
AAAH logo 300 dpi
Pricing

Membes is enterprise level association software without the high price tag

Our team is passionate about the associations industry and that is why since 2001 we have been delivering a ready-made off-the-shelf software that is affordable – with no hidden costs!

Review Membes Pricing
Integrations

Integrated for maximum capability and syncronisation

Membes integrates with other leading specialist software platforms ensuring maximum capability and synchronisation between operational areas.

Review Integration Partners
EXPERIENCE MEMBES

Request a Demo

Contact us to take a walk through one of the most trusted globally, Association Management Systems. Request a Demo meeting with one of our experts – and take a tour of this ready-made solution designed specifically for Trade and Professional Associations.

Request a Demo
MICON-RGB

Insights you’ll actually read.

Keep up to date with our industry newsletter
Solutions
Resources
About
Contact

For more information or to book a demo, get in touch.

Contact Us
Request a Demo

Copyright © 2024 Membes. All rights reserved.