Transparency

Quality

Trust is built through transparency, not marketing. This page shows how we hold ourselves accountable - the standards we work to, the monitoring we run, and the live status of our systems. If you want to understand how we manage quality, the evidence is here.

Monitoring and Alerting

We watch the system so you don't have to.

Every five minutes, automated checks confirm that Digital Reef's core services are running - tested from two locations on opposite sides of the world, so we catch problems no matter where they originate. We also track how the system is performing under the hood: speed, load, and stability, continuously.

Every night at midnight, we run security checks across all of our code, looking for known vulnerabilities. Once a week, a broader self-check confirms that our documentation, security alerts, and code protections are all current and working as they should.

When something needs attention, it doesn't sit in a queue. Critical issues are escalated immediately to Digital Reef's technical leadership - automatically, without anyone needing to notice it first.

In total, we have over 30 active alerts configured across the platform. Think of it as a building with a full alarm system, tested regularly, with someone always on call.

Live System Status

Having access to quality data from our system at all times is important. Real-time health checks against Nemo, Aronnax and our other services are monitored and shown here. These are the same endpoints monitored by our Azure availability tests, which run every five minutes from two geographic locations. What does this mean for you? It means you won't miss a submission window, end up with gaps in your data, or have a notice slip through undetected. Our real-time monitoring watches the same critical systems you rely on, so problems are caught and flagged before they cause access or data issues. You get visibility into the health of the platform without needing to check it yourself.

Compliance Frameworks

We voluntarily align to international and New Zealand security and quality standards. Not because we are required to, but because our member organisations deserve the same rigour that large institutions take for granted.

ISO 27001:2022

Information Security

Mature
100% (76 / 76 controls)
  • 5 controls fully implemented, 71 partial - zero gaps
  • Cloud-native architecture (17 physical controls not applicable)
  • Statement of Applicability maintained (DR-SOA-001)

ISO 9001:2015

Quality Management

In Progress
78% (86 / 110 controls)
  • 59 requirements partially implemented, 23 planned
  • Quality policy (DR-QMS-001) approved by Trust Board
  • 7 core processes defined across all product areas

NZISM v3.9

NZ Information Security Manual

On Track
43% (273 / 630 controls)
  • 29 compliant, 244 partial, 66 planned, 291 not applicable
  • Tiered assessment model across 23 chapters
  • MFA enforced across all interfaces

Dependency and Code Security

The software Digital Reef runs on is made up of thousands of small building blocks. Any one of them could develop a security flaw. We run automatic checks every night across everything we've built, and every time we make a change, it's scanned before it goes live. If a known vulnerability is found anywhere in our system, we're alerted and can act - before it becomes a problem for you or your data.

  • Dependabot coverage: 100% (28 of 28 production repositories)
  • CodeQL coverage: 100% (30 of 30 repositories scanned)
  • Secret scanning: 100% (push protection active across all repos)
  • Security documents: 29 (product development documentation files)
  • Compliance documents: 41 (across 8 categories, zero stubs)
  • Automated scanning: daily (nightly security scan + weekly self-check)

Privacy and Data Governance

Data governance is not an afterthought. Our Privacy Policy, Data Sovereignty Statement, and Security Overview are public documents - available to anyone who wants to understand how we handle information.

Privacy Act 2020 (NZ)

Compliance across all 13 Information Privacy Principles. Active Privacy Impact Assessments for Nemo and Aronnax systems.

Māori Data Sovereignty

Six Te Mana Raraunga principles embedded in governance. Trust Deed Clause 16 mandates kaitiakitanga over Māori data.

Data Classification

Four-tier classification: Māori cultural data, community place data, public regulatory data, and operational data - each with appropriate controls.

AI Safeguards

LLM providers verified as no-training on our data. PII redaction implemented in email ingestion pipelines. Audit trails maintained.

Continuous Improvement

Quality is a process, not a destination. We maintain a Corrective Action Register that tracks issues from identification through resolution. Internal audits run quarterly against our compliance frameworks. Every security incident generates a learning entry that feeds back into our controls.

Our ISO 9001 quality management system defines six strategic objectives aligned to the Trust Deed's charitable purposes. These objectives are reviewed by the Trust Board and inform decisions about where we invest time and effort.

We publish this information because we believe accountability should be visible. If something is not working, we want our members to know about it - and to know what we are doing to fix it.