Information & Data Security Policy
The Company's information and data will be protected by use of the following measures:
- Ensuring appropriate destruction of RISQ Group SPII* data (cross cut shredding of paper documents and physical destruction or degaussing of electronic media)
- Performing due-diligence checks on employees handling SPII data to help prevent the employment of individuals who have previous convictions such as drug offences, burglary, or fraud-related offenses
- Conducting awareness training for employees or contractors with access to RISQ Group data
- Establishing access controls for electronic access to RISQ Group data that:
- Ensure users only have access to data needed to perform their job function;
- Include user name and password authentication;
- Ensure access of users is revoked immediately upon termination of employee/contractor; and
- Log and monitor administrative access for inappropriate activities
- Requiring employees and contractors to maintain a "clean desk" ensuring any RISQ Group data is not conspicuously available in hardcopy or on removable media
- Implementing security technology controls such as firewalls, intrusion detection devices and anti-virus software, as appropriate
- Ensuring appropriate levels of protection of RISQ Group data as it is stored or transferred across public networks (e.g., encrypt SPII data (utilizing 128 bit encryption technology) if transferred over public networks)
- Ensuring appropriate physical security controls where RISQ Group data is stored including door locks, monitoring of employee access to buildings and escorting of visitors.
- Establishing procedures to notify RISQ Group immediately of any potential breaches of RISQ Group data.
- Ensuring that laptop computers and other mobile devices containing RISQ Group data are protected by never leaving them unattended or unsecured
- Evaluating any vendors providing Third Party Service Provider with services involving the handling of RISQ Group data to ensure the vendor has implemented adequate information and physical security controls.
The Privacy Officer
GPO Box 2639
Sydney NSW 2000 Australia
The Privacy Officer
101 Thomson Road
#10-01 United Square
To know more Contact Us