Security, controls, compliance & resilience
As a world-class payments infrastructure technology provider, 'The Zepto Way' means fortifying our offering on the most solid security foundations possible.
Security compliance overview
Security compliance is serious business at Zepto. Hundreds of controls are verified by our people, and we partner with top-shelf vendors like AWS, CrowdStrike, GitHub and Wiz to ensure we're at the leading edge of world-class product, security and payment experience delivery. We maintain a high level of awareness over our technical environment, conduct assurance testing, and maintain an agile governance model and Australian data sovereignty. And as a Connected Institution [CI] on the NPP, insights shared with AP+ help ensure our payments ecosystem is robust, thriving and secure.
Security as a product feature
Zepto's security foundation supports and protects our payments infrastructure and the funds flowing through it. Security is something our customers rightly expect. It's non-negotiable, and it feeds into our view that solid baseline security controls are a product feature. Under the hood, Zepto’s authentication foundation is complex, but our API is designed for easy integration. The combination of safety, speed and convenience enables Zepto's enterprise customers to innovate and safely deliver extraordinary payment experiences.
ACSC partnership program
Zepto joined the Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) partnership program, which offers real-time intelligence on threats that may affect Australian businesses. It enables organisations to engage with the ACSC and fellow partners, drawing on collective insights, experience, skills & capability to lift resilience across the economy. As a Cyber Security Partner, Zepto has access to threat intelligence, news and advice to enhance situational awareness as well as resilience-building resources.
Incident Response
The choice you made about your provider of payments infrastructure never matters more than when things go wrong. With 24-7 monitoring, engineers on call, and distributed incident managers always available, Zepto's incident management framework, resolution playbooks, speed of response, and transparent post-incident reviews reflect a maturity of approach commensurate with how seriously we take this. When it comes to moving money, your business is our business.
Systems, speed & safety
We believe that a serious approach to system security, controls and governance shouldn't mean 'slow'. Zepto's forward-thinking approach to building things with process automation in mind enables agile decision-making while maintaining the highest levels of governance. We monitor the capacity of our environment in real time and, with embedded security scans and guard rails in place, Zepto can deploy code multiple times a day.
A blended model
Zepto's blended model of cross-skilled people and automation, and the control over processes that model delivers, improves assurance testing, governance and security. Having a cross-skilled team means that Zepto people know their areas of expertise intimately, but also see and understand the bigger picture. Those people are bulwarked by technologies and automation that make them faster and more effective.
Securing code deployments
Zepto was set up to deploy code as often as required throughout the day. But when code is deployed, things can go wrong. Zepto's automated checks ensure the quality of the code. Branch protection ensures safe sequencing of deployments. Technical controls minimise human error and purposely malicious activity. Further, Zepto's continuous integration and continuous deployment (CI/CD) pipeline improves software delivery and identifies critical vulnerabilities throughout the software development life cycle via automation.
SRE: Site Reliability Engineering
Zepto's SRE team plays a vital role in delivering change management and ensuring that new code deployments are seamless and have minimal impact on our systems or those of our customers. The SRE team is responsible for building Zepto's tested and trusted templates with embedded security that developers can self-serve and assemble in agile ways to deliver extraordinary and secure payment solutions.
"Inevitably, even when security objectives and business objectives are aligned there’s going to be complexity. Cybersecurity is a challenging space, and not just in terms of anticipating, repelling and responding to attacks from bad actors. We also have to understand our footprint. We have to consider how we might consolidate the tools we have at our disposal to enhance our readiness. We have to assess risks and costs — financial or otherwise — and anticipate and enable change."
Mariana Paun, Head of Operations and Information Security, Zepto