Last Updated: 19 Apr 2023
This Security and Compliance Policy is a comprehensive document outlining the measures Alusoft Pty Ltd ("Alusoft", "we", "us", or "our") undertakes to protect information assets against all internal, external, deliberate, or accidental threats. This document encompasses our commitment to maintaining the highest standards of information security, data protection, and regulatory compliance.
Alusoft recognizes the importance of securing and protecting the information assets and data of our clients and our business. We are committed to providing a secure environment for all data through comprehensive policies, procedures, and technical measures.
This policy applies to all employees, contractors, and third-party service providers of Alusoft who have access to our information systems and data.
Alusoft implements robust data protection measures to safeguard sensitive and personal data against unauthorized access, disclosure, alteration, and destruction. Our data protection strategies are in compliance with applicable data protection laws, including GDPR, CCPA, and Australia's Privacy Act.
We adhere to relevant laws, regulations, and standards governing information security and data protection. This includes compliance with industry standards and frameworks such as ISO 27001, PCI DSS, and others relevant to our operations and services.
Access to sensitive information and critical infrastructure is strictly controlled. We employ the principle of least privilege, ensuring that individuals have access only to the resources necessary for their job functions.
Operational security measures include regular security assessments, vulnerability scanning, and penetration testing to identify and mitigate potential security risks. We also implement secure development practices and encryption technologies to protect data in transit and at rest.
Alusoft has a formal incident response plan to effectively respond to and manage security incidents. This plan includes procedures for incident identification, assessment, containment, eradication, and recovery, as well as communication strategies for notifying affected parties and regulatory bodies when necessary.
This policy is reviewed annually and updated as necessary to reflect changes in the regulatory landscape, security threats, and business operations. All amendments are communicated promptly to relevant stakeholders.
For questions or concerns regarding this Security and Compliance Policy, please contact us at contact@alusoft.com.au.