Security

Stringent security protocols are integrated into our development process and client products.

Security has never been more important. Ensuring our clients like you are in safe hands is of paramount importance to the entire team here at Digital Garden.


Digital Garden has rigorous security protocols that ensure we are developing our client products with the highest levels of security. It all begins with our team personnel: 

  • Employee background, security & criminal checks, including an Australian Federal Police (AFP) National Police Check and checks through the Australian Government Security Vetting Agency (AGSVA)
  • A dedicated Chief Security Officer, who regularly reviews and audits security procedures and protocols with our third-party cyber security consultancy
  • Digital Garden employees undergo regular security awareness training. Topics include recognising suspicious emails, links and attachments
     

Operational security for client products & systems

Digital Garden vigilantly monitors:

  • Access logs for our clients’ content management systems (via Drupal Reports), Bitbucket code repositories (via Atlassian Access) and development environments (via the Platform.sh console)
  • Drupal.org updates on module and security patches that need to be applied
  • Any unusual activity on our client CMS or hosting environments
     

Security for systems & tools

For the tools we use day to day, we ensure all necessary measures are implemented, such as:

  • Multi-factor authentication (MFA/2FA)
  • Enforcement of strong passwords
  • Regular password expiry
  • Adhering to the use of our password manager of choice
  • Daily backups of all sites, code and design files
  • Administrative access on the principle of least privilege

Security of physical premises & workplace devices

Digital Garden has the following measures in place in our offices and agency-issued devices:

  • Access control to our premises
  • Monitoring of our premises via CCTV
  • Password-protected devices, configured to encrypt data at rest (such as FileVault on our predominantly Apple devices)
  • Enforcement of strong passwords
  • Automatically locking devices when idle for a short period of time

We request that any personal mobile devices our employees may use to authenticate during MFA logins be protected by either a password or biometrics.

Infrastructure & data security at Platform.sh

Our primary hosting infrastructure provider Platform.sh is a managed cloud platform whose security measures include:

  • Auto-redundant architecture
  • DDoS prevention via a multitier CDN
  • Server-hardening measures

 

Data security, encryption & retention practices

Our data encryption and retention practices include:

  • All changes and new features developed by Digital Garden on a client’s digital product are strictly governed by our code change management policy
  • Our repositories are encrypted at rest (AES-256) and encrypted in transit (TLS 1.2+) so our clients’ code is always secure
  • Developer access is restricted to the predefined IP addresses that our developers connect from and requires the use of multi-factor authentication
  • We encrypt all sensitive and PII data collected by any of our clients’ digital products

Our third-party providers

Drupal
govCMS
Figma
Sketch
InVision
Google Workspace
Jira
Confluence
Slack
