Security Statement
IT Alliance Australia Pty Ltd
ABN 86 616 577 023
Effective: 02 October 2024
Introduction
At IT Alliance Australia (“the Company”), we are committed to safeguarding the security of our information assets and our customers’ data, and to maintaining the trust you place in us. This Security Statement outlines our approach to information security in accordance with the ISO/IEC 27001:2022 standard and provides insights into our practices, policies, and security measures related to the use of Software as a Service (SaaS) products.
Scope
This statement applies to all information systems, processes, and SaaS applications utilized by the Company. It encompasses all data and information processed, stored, or transmitted through these systems.
Information Security Management Systems
We have established an Information Security Management System (ISMS) that ensures a systematic approach to managing sensitive company information. Our ISMS includes:
- Risk Assessment: Regular assessments to identify, analyse, and mitigate risks related to information security.
- Policies and Procedures: Comprehensive policies to guide information security practices, including access control, incident management, and data protection.
- Continuous Improvement: Regular reviews and updates to our ISMS based on emerging threats, business changes, and technological advancements.
Access Control
Access to our SaaS applications and data is restricted based on the principle of least privilege. Our access control measures include:
- User Authentication: Strong authentication mechanisms, including multi-factor authentication, to ensure only authorised personnel can access sensitive information.
- Role-Based Access: Access rights are assigned based on user roles and responsibilities and are regularly reviewed to ensure they remain appropriate.
Data Protection
We prioritize the protection of your data through various means:
- Data Encryption: All data in transit and at rest is encrypted using industry-standard encryption protocols.
- Data Backup: Regular backups are performed to ensure data integrity and availability, with contingency plans in place for data recovery.
Incident Management
We maintain a robust incident management process to quickly respond to and recover from security incidents. Our approach includes:
- Monitoring and Detection: Continuous monitoring of our systems to identify potential security incidents.
- Incident Response Plan: A documented plan that outlines procedures for responding to security incidents, including notification processes for affected parties.
Training and Awareness
We provide ongoing training and awareness programs to our employees about information security best practices and the importance of safeguarding sensitive information. This includes:
- Regular Training Sessions: Periodic training to keep staff informed about the latest security threats and prevention strategies.
- Phishing Simulations: Exercises to enhance employees’ ability to recognize and report potential security threats.
Compliance and Audits
We conduct regular audits and assessments to ensure compliance with ISO 27001:2022 and other relevant regulations. This includes:
- Internal Audits: Periodic reviews of our ISMS to ensure effectiveness and identify areas for improvement.
- Third-Party Assessments: Engaging independent auditors to assess our compliance and security measures.
Contact Information
For any questions or concerns regarding our security practices, please contact: rattesh.gumber@italliance.com.au