Our commitment to being responsible data custodians
What is involved in meeting the standards to be a Cloud Best Practice?
We are committed to being responsible data custodians, protecting your privacy, and ensuring that your personal information is not misused. We take our obligations to you seriously and understand how important it is that your personal information is kept secure and not disclosed to any unauthorised entities or used for unauthorised purposes. We also understand and respect that, in the event of a notifiable data breach, you are entitled to be made aware of this breach so you can take appropriate actions to protect yourself.
The measures we can put in place to protect your personal information and data include (but are not limited to):
- Applying two-step authentication (2SA) to access across all sensitive applications (not on an application-by-application basis),
- Restricting remote access to specific locations and/or blocking overseas access to our systems,
- Tracking and monitoring attempted access to our systems and identifying suspicious activity,
- Logging usage in an audit trail and retrospectively determining the suspected breach source to report to authorities. With this tool, we can see what applications were accessed, when they were accessed, and from where,
- Terminating user access to all sensitive cloud applications by disabling a single user account,
- Remotely wiping mobile devices in the event they’re breached or lost, or the user associated with the device is terminated,
- Restricting access to reasonable times such as business hours,
- Sharing access to applications using a single user ID without having to divulge cloud app passwords to staff,
- Federating our identity systems so that desktops, servers, and browser-based cloud applications are accessed via one single identity.
We have policies and documentation in place, including:
- An IT and Internet usage policy that educates staff and sets expectations on best practice password and access management,
- Third-party access agreements that govern and limit liability in the event a third party such as an IT contractor or outsourced provider should breach our data security policies,
- A data breach response plan that lays out the steps we take in the event of a breach and communicates our obligations under the Notifiable Breach Legislation,
- A specialist data security legal service contracted to support us in the event of a breach to ensure the appropriate remediation and notification steps are taken,
- A retainer-based engagement with a specialist cyber-security firm that provides guidance and best practice systems to protect our clients’ privacy,
- This cloud best practice certification that validates our firm as a responsible data custodian.
We also have access to external advisors with expertise to handle privacy and data protection matters.