Security

Maintaining a secure environment for the voting process is fundamental to achieving fair and transparent results. This summary exists to provide a clear overview of GoVote’s online system security infrastructure and practices, and to help reassure clients that their data is appropriately protected. As with all things related to security, our processes and policies are constantly being reviewed to improve our approach and meet our client’s needs.

This is not an exhaustive list. If you have further security related questions, please contact us at security@govote.com.au.

All information travelling between your browser and GoVote’s online systems is protected from eavesdroppers with 256-bit SSL encryption. The lock icon in your browser lets you verify that you aren’t talking to a phishing site impersonating GoVote and that your data is secure in transit.

For site security purposes and to ensure that this web service remains available to all users, the GoVote website employs software programs that monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Anyone using this website expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, such evidence may be provided to appropriate law enforcement officials.

The GoVote application – including your data – rests securely behind firewalls.

Given the sensitive nature of conducting workforce ballots GoVote software employs a sophisticated access control and finger print system in order to provide secure access to the software and a clear system access audit for each process.

• GoVote Administration User Access: GoVote employs one administrator who has system wide access. This facilitates the set up, pre and post auditing, and monitoring of all processes. This access also includes a set of tools for monitoring all other access to the system.
• Client Access: Client access is limited to facilities that allow the client to monitor ballot voting progress, ballot support activities, the ballot timetable and key ballot deliverables. Only designated client personnel (typically key ballot contacts) are granted access.
• User Access Controls: User access is controlled through a variety of methods depending on the nature of the data process and the requirements of the client. This access is specifically designed to authenticate users prior to accessing the data interface. This access is only to facilitate the data process and no access is possible to any part of the administration system.

GoVote, in conjunction with our hosting partner, VPSBlocks, maintains comprehensive protocols to provide for hardware and server software redundancy and secure storage using a variety of data redundancy systems. Full details of the server infrastructure environment and feature set can be found at http://vpsblocks.com.au/Features.aspx

GoVote runs a daily-weekly-monthly server back-up cycle onto external media using purpose built secure storage devices. All backups are encrypted, and any unused, obsolete, or end-of-life media is destroyed to prevent third-party data retrieval. Upon request GoVote can also employ a secure off-site back-up and storage service. Server data can be backed-up on a daily cycle onto external media and stored offsite in a secure facility.

Each member of the GoVote team has the necessary integrity required for working in this sensitive area. Access controls to sensitive data in our databases, systems and environments are set on a need-to-know / least privilege necessary basis.

GoVote is aware that many organisations have different security protocols that need to be fulfilled in order for us to comply with their requirements. In these circumstances GoVote can work in direct contact with the client organisation’s Security Group to efficiently resolve any issues.

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if GoVote learns of a security breach, we will:

• Contain the breach and do a preliminary assessment
• Evaluate the risks associated with the breach
• Notify affected users so that they can take appropriate protective steps. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
• If possible, modify security measures to prevent future breaches

If you have any security concerns or questions contact us at security@govote.com.au.

This policy was last updated May, 2023.