We are committed to being responsible data custodians, protecting your privacy and ensuring that your personal information does not get misused. We take our obligations to you seriously and understand how important it is that your personal information is kept secure and not disclosed to any unauthorised entities or used for any unauthorised purposes. We also understand and respect that, in the event of a notifiable data breach, you are entitled to be made aware of this breach so you can take appropriate actions to protect yourself.
The measures we can put in place to protect your personal information and data include (but are not limited to):
· The ability to apply two-step authentication (2SA) to access across all sensitive applications (not on an application-by-application basis)
· Restrict remote access to specific locations and/or block overseas access to our systems
· Track and monitor attempted access to our systems and identify suspicious activity
· Log usage in an audit trail and retrospectively determine the suspected source of a breach to report to authorities. With this tool we can see which applications were accessed, when they were accessed and from where.
· Terminate user access to all sensitive cloud applications by disabling a single user account
· Remotely wipe mobile devices in the event they’re breached or lost, or the user associated with the device is terminated
· Restrict access to reasonable times such as business hours
· We are able to share access to applications using a single user ID without having to divulge cloud app passwords to staff
· The ability to federate our identity systems so that desktops, servers and browser-based cloud applications are accessed via one single identity.
We have policies and documentation in place, including:
· An IT and Internet usage policy that educates staff and sets expectations on best-practice password and access management.
· Third-party access agreements that govern and limit liability in the event a third party, such as an IT contractor or outsourced provider, should breach our data security policies
· A data breach response plan that lays out the steps we take in the event of a breach and communicates our obligations under the Notifiable Breach Legislation
· A specialist data security legal service contracted to support us in the event of a breach to ensure the appropriate remediation and notification steps are taken.
· A retainer-based engagement with a specialist cyber-security firm that provides guidance and best practice systems to protect our clients’ privacy
· This cloud best practice certification that validates our firm as a responsible data custodian
We also have access to external advisors with expertise to handle privacy and data protection matters.