Our methodology for maintaining data security and privacy protection:

HUMAN CONTROLS


Control | Effect
We employ only people we know (referrals) | Reduced risk of fraud
Every employee is security checked | Reduced risk of fraud
We induct, train and retrain our staff | Awareness of consequences of data loss
All employees are supervised | Reduced risk of fraud
Appropriate employee work conditions | Reduced risk of fraud

PROCEDURAL CONTROLS


Control | Effect
We operate 100% paperless | No risk of paper-based data loss
Alarmed and monitored premises | Reduced risk of break-ins and data loss
Standardised work procedures in place | Reduced risk of accidental data loss
Separate guest web access network | Reduced risk of data loss via internet attack
Bring your own device policy in place | Reduced risk of data loss via mobile devices
Data security risk assessments | Understanding risks and risk controls
Regular system and compliance audits | Ability to detect issues and implement remedies
Dedicated internal Data Security and Privacy Protection officer | Improved security monitoring, staff induction and training, and system audit processes

TECHNICAL CONTROLS


Control | Effect
Sophos Cloud endpoint protection | Reduced risk of data loss via internet attack
Workstation and solution encryption | Reduced risk of data loss via web/physical theft
Complex password enforcement | Reduced risk of data loss via password hack
Two-step password verification enforcement | Reduced risk of data loss via out of office access
Mobile storage devices are blocked | Reduced risk of data loss via storage device
Access to data-sharing websites is blocked | Reduced risk of data loss via website upload
Access to high-risk websites is blocked | Reduced risk of data loss via internet attack
Email controls/restrictions in place | Reduced risk of data loss via email transfer
Broken-e for drag and drop control | Prevents accidental drag and drop of folders in Windows
LastPass for single sign-on | Password control for multiple client sites