As part of its ongoing approval to operate an Electronic Lodgement Network, PEXA is required by the e-Conveyancing regulator (ARNECC) to establish and maintain an Information Security Management System (ISMS).
This is subject to an annual independent expert review, currently completed by Ernst & Young (EY) and outcomes of the review are shared with ARNECC and form an integral part of the renewal process for PEXA’s operating licence.
Here are a number of security measures used to protect PEXA customers when transacting online.
PEXA uses advanced encryption mechanisms to protect information on the PEXA platform. This information can only be accessed by the user and other authorised parties*.
Today all financial service providers use encryption to protect customer data. Encryption ensures no one else is able to see information related to the user or their business. For example, when someone sends a message using WhatsApp, the service wraps the message in code, scrambles it and creates an encryption key. It can then only be unlocked by the recipient of the message.
PEXA uses similar measures, ensuring integrity and confidentiality of data shared between the user’s browser and PEXA’s back-end core infrastructure.
Digital certificates allow PEXA customers to electronically sign documents in PEXA on behalf of their clients thereby eliminating the need to print and pen-sign physical documents! A digital certificate is a PEXA customer’s unique identity online. Anyone signing on the PEXA platform must use one.
If data in the Workspace is changed, the PEXA system will automatically unsign any signed documents affected by the data change. The customer responsible for the documents(s) will need to sign in to the PEXA platform again and re-sign the relevant document(s) using their digital certificate.
Therefore, if a PEXA customer edits part of the Workspace, it cannot progress to the Land Registries or to settlement until re-validated and signed by the relevant parties in the Workspace. This process further protects the integrity of the data, defending against unauthorised transactions and approvals in PEXA Workspaces.
Initially, all prospective PEXA customers sign a Participation Agreement (PA) during the onboarding process. Once signed, the customer agrees to comply with PEXA’s Security Policy, ensuring their systems meet a certain standard of security when using the PEXA platform.
Parties integrating their systems with PEXA must align with third party security and risk assessment process, which include answering a series of questions and where necessary, providing relevant evidence to confirm their security and risk management practices meet certain standards.
This also presents an opportunity for customers to assess their own security and risk controls for data and privacy purposes.
* All parties invited into a Workspace and PEXA