Scroll to top

Information security, privacy and regulatory compliance


Innovent takes information security and privacy of personal data very seriously. We abide by the data privacy principals established in the EU Directive on Data Protection and Australian Privacy Act 1988, as well as all other applicable local policy laws and regulations. Our security policies and processes are based on the ISO 27001 global security management standard and we conduct internal security/privacy audits as well as security testing on an, at the minimum annual basis

Quality

A core success metric for us is consistent, high quality solution delivery for all our clients. We achieve this with detailed documentation, excellent communication and thorough testing at every phase of the project

Flexibility

Every business is unique, Innovent are flexible in their approach, team structure, technology and more. We complement your skills with extensive technical and consulting experience

Friendly

At Innovent we value relationships. Our team is made up of staff from 7 different origins. We love to balance hard work with a healthy, friendly team culture

Team

How much more can you get done working with a team? Our depth of skills and experience across our team is second to none. Technology experience, industry experience, we have you covered

Innovent has developed a set of policies and associated processes that provides assurance within the company and to our clients, partners and interested parties, that the availability, integrity and confidentiality of their information will be maintained. These policies and processes cover such areas as:

·       Privacy
·       Third party security
·       Encryption & Key Management
·       Access controls and Identity management
·       Operational processes
·       Vulnerability management
·       Patching
·       Mobile devices
·       Business continuity
·       Incident management
·       Human resources
·       Physical & Environmental Security
·       System Acquisition, Development & Maintenance
·       Teleworking and Remote Access
·       Cloud services
·       SLAs
·       Reporting
·       And others

These Policies target the following high level objectives:

  • Implementation and ongoing support of a company wide Information Security Management System that is compliant to with the relevent ISO/IEC 27001/2 Standards for Information Security Management Systems
  • Implementation of Sensitive Information Control policies and processes,  including compliance with regulations under the Australian Data Protection Act 1998, as well as the European GDPR, to protect client, partner, supplier, our own and personal employee information which is not in the public domain
  • Information Security Risk Assessment Process, that assesses the business harm likely to result from a security failure and the realistic likelihood of such a failure occurring in the light of prevailing threats and vulnerabilities, against controls currently implemented
  • Privacy Risk Assessment Process, that assesses the sensitivity of private data held or processed by our systems, and puts in place measures to ensure the security and integrity of the data.
  • Business Continuity Plans to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters
  • Defined security controlled perimeters and access to controlled offices and facilities to prevent unauthorised access, damage and interference to business premises and information
  • Information Security and Privacy awareness training for all company employees, and associated third party suppliers.
  • A dedicated Senior Management Team that supports the continuous review and improvement of the company’s Security Policies.
  • Incident management and escalation procedures for the reporting and investigation of security incidents for management review and action

Our company information security policies are reviewed by the Senior Management Team at least every 12 months, (or sooner, should the need arise), and recommend amendments as well as updates to the policies as part of the continuous service improvement process.

These policies will be made available to Interested Parties, where required.