Information Security Policy
Information security is the protection of information and supporting systems from a wide range of threats in order to ensure business continuity, minimise operational risk, and maximise return on investments and operational opportunities. Data, information, and the underlying technology systems are essential assets to Enboarder and provide vital resources to staff and our customers and consequently need to be suitably protected.
The security of information in all its forms is of the utmost importance to Senior Management. Information security is achieved by implementing a suitable set of controls (based on risk profile), including policies, processes, procedures, organisational structures, and software and hardware functions. This gives confidence to interested parties that risks due to potential incidents are adequately managed.
Our ultimate goal is to continually improve Management System performance within the business.
In order to achieve this, the following information security objectives have been established:
- Strategic and operational information security risks are understood and treated so that they are acceptable to Enboarder.
- The confidentiality of client information, product development, and marketing plans is protected.
- The integrity of company records is preserved.
- Public web services and internal networks meet specified availability standards.
- We handle personal information and customer information with confidence and within the GDPR regulations and Australian Privacy legislation.
- Achieve SOC 2 Type II compliance. Enboarder recently completed the SOC 2 Type II Audit, a third-party audit that’s part of the American Institute of CPA’s (AICPA) Service Organization Control reporting platform. In order to achieve SOC 2 compliance, Enboarder went through a rigorous audit of the security policies and controls it has in place to protect its customers’ data.
To achieve these objectives, we shall act to:
- Communicate this policy to all existing employees and to new employees upon commencement.
- Comply with all legislative and other requirements which are relevant to Enboarder.
- Make our commitment to information security and confidentiality visible to all interested parties.
- Maintain a Management System which meets the requirements of ISO 27001:2013.
This policy, together with the objectives and targets set, will be reviewed on an annual basis to ensure that it remains relevant and suitable to the operations of Enboarder.