Innovent has developed a set of policies and associated processes that provides assurance within the company and to our clients, partners and interested parties, that the availability, integrity and confidentiality of their information will be maintained. These policies and processes cover such areas as:
· Privacy
· Third party security
· Encryption & Key Management
· Access controls and Identity management
· Operational processes
· Vulnerability management
· Patching
· Mobile devices
· Business continuity
· Incident management
· Human resources
· Physical & Environmental Security
· System Acquisition, Development & Maintenance
· Teleworking and Remote Access
· Cloud services
· SLAs
· Reporting
· And others
These Policies target the following high-level objectives:
- Implementation and ongoing support of a company-wide Information Security Management System that is compliant with the relevant ISO/IEC 27001/2 Standards for Information Security Management Systems
- Implementation of Sensitive Information Control policies and processes, including compliance with regulations under the Australian Data Protection Act 1998, as well as the European GDPR, to protect client, partner, supplier, our own and personal employee information which is not in the public domain
- Information Security Risk Assessment Process, that assesses the business harm likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities, against controls currently implemented
- Privacy Risk Assessment Process, that assesses the sensitivity of private data held or processed by our systems, and puts in place measures to ensure the security and integrity of the data.
- Business Continuity Plans to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
- Defined security controlled perimeters and access to controlled offices and facilities to prevent unauthorised access, damage and interference to business premises and information
- Information Security and Privacy awareness training for all company employees, and associated third party suppliers.
- A dedicated Senior Management Team that supports the continuous review and improvement of the company’s Security Policies.
- Incident management and escalation procedures for the reporting and investigation of security incidents for management review and action
Our company information security policies are reviewed by the Senior Management Team at least every 12 months (or sooner, should the need arise), with amendments and updates to the policies recommended as part of the continuous service improvement process.
These policies will be made available to Interested Parties, where required.