Infrastructure Security
Cloud Architecture
Fifteen54 is hosted entirely on Amazon Web Services (AWS) in the Sydney (ap-southeast-2) region, ensuring your data remains in Australia.
| Layer | Technology | Protection |
|---|---|---|
| Document Storage | Amazon S3 | AES-256 encryption at rest |
| Database | Amazon DynamoDB | Encryption at rest, automatic backups |
| Data in Transit | TLS 1.2+ | All connections encrypted |
| Access Control | AWS IAM | Role-based, least-privilege access |
Data Sovereignty
All certificate data, metadata, and backups are stored exclusively within Australian data centres. We do not transfer or replicate data outside of Australia.
Document Integrity
Tamper Detection
Every document uploaded to Fifteen54 undergoes visual fingerprinting using perceptual hashing. This allows us to:
- Detect duplicate certificates across your entire document library
- Identify potentially altered or fraudulent certificates
- Maintain document integrity verification throughout the certificate lifecycle
Immutable Audit Trail
Every action in Fifteen54 is logged with:
- Timestamp (UTC)
- User identity
- Action performed (upload, view, download, search)
- Document identifiers accessed
- IP address and session information
Audit logs are write-once and cannot be modified or deleted, providing a complete chain of custody for compliance and dispute resolution.
Access Controls
Authentication
- Email/password authentication with secure password policies
- Session management with automatic timeout
- Account lockout after failed login attempts
Authorisation
- Role-based access control (RBAC)
- Company-level data isolation—users can only access their organisation's certificates
- Granular permissions for upload, view, download, and administration functions
Supporting AS/NZS 5131 Traceability
AS/NZS 5131 requires that structural steelwork be traceable throughout its design life—typically 50+ years. Fifteen54 supports these requirements by providing:
| Requirement | How Fifteen54 Helps |
|---|---|
| Heat number traceability | Instant lookup linking heat numbers to source certificates |
| Document retention | Designed for 50+ year retention with durable cloud storage |
| Compliance documentation | Centralised, searchable repository for all material certificates |
| Audit capability | Complete access history for any document |
We work alongside existing industry certification schemes including ACRS product certification and the National Structural Steelwork Compliance Scheme (NSSCS), providing the document infrastructure that supports your compliance obligations.
Data Retention & Backup
| Feature | Detail |
|---|---|
| Retention Period | Indefinite—documents stored until you choose to remove them |
| Backup Frequency | Continuous replication across multiple availability zones |
| Durability | 99.999999999% (11 nines) designed durability |
| Disaster Recovery | Cross-availability-zone redundancy within Sydney region |
Availability
Fifteen54 targets 99.9% uptime, leveraging AWS's highly available infrastructure. Our architecture includes:
- Multi-availability-zone deployment
- Automatic failover for database operations
- No single points of failure in critical paths
Incident Response
In the event of a security incident, we commit to:
- Investigating and containing the incident within 24 hours
- Notifying affected customers within 72 hours of confirmed breach
- Providing a full incident report and remediation plan
- Complying with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988
Your Responsibilities
Security is a shared responsibility. We recommend that customers:
- Use strong, unique passwords for all user accounts
- Review user access regularly and remove accounts that are no longer needed
- Report any suspicious activity or potential security concerns immediately
- Maintain your own records of critical certificates as part of your business continuity plan
Questions?
If you have questions about our security practices or compliance capabilities, contact us at security@fifteen54.com.au