ABN 86 649 727 542
Updated: 9 November 2023
Strategic Partners Australia understands the importance of an effective information security program to protect the confidentiality, integrity, and availability of all assets from potential threats. This allows us to perform our services effectively and maintain our reputation as a trusted user of stakeholders’ data.
This strong commitment to security is reflected in the implementation of security polices, processes and controls, as well as dedicated staff to manage information security.
This statement is intended to serve as reference material for third parties such as customers, vendors, and regulatory authorities. Information contained in this statement is general in nature and provided as a guide only based on Strategic Partners Australia’s current operating conditions, knowledge and understanding. It has been prepared in good faith and should not be relied on for any purpose other than for information gathering purposes.
All security policies and procedures are implemented according to the requirement s of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis.
Regular web application penetration tests are conducted by independent security organisations, and the findings are addressed promptly.
Strategic Partners Australia utilises Software as a Service solutions (SaaS) and does not have any on-premises technical infrastructure. Our laptops are secured with logical access controls and encryption controls.
Strategic Partners Australia’s registered business premises have appropriate access controls and CCTV monitoring.
Category | Responsibility |
Information and Data | Strategic Partners Australia |
Devices (Mobile and PCs) | Strategic Partners Australia |
Accounts and Identities | Strategic Partners Australia |
Identity and Directory Infrastructure | Shared with SaaS provider |
Applications | SaaS provider |
Network Controls | SaaS provider |
Operating System | SaaS provider |
Physical hosts | SaaS provider |
Physical network | SaaS provider |
Physical datacentre | SaaS provider |
All Strategic Partners Australia employees and contractors are required to complete a Police Check and fulfil Security Clearance requirements of AGSVA as per the client and project need. All personnel are also mandated to sign a confidentiality agreement.
All Strategic Partners Australia employees are required to complete regular compliance trainings, including ICT password, cyber-security awareness, corporate governance and finance, code of conduct, and fraud and corruption trainings.
We have a dedicated:
All information assets are managed as per an internal Data Governance Framework which complies with the requirements of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis.
An internal Information Labelling, Classification and Handling Policy is in place to help identify the confidentiality requirements of all information assets and ensure appropriate labelling and handling through it’s the lifecycle of information – creation, storage, archival and sharing of information.
Record retention and disposal requirements are communicated to relevant personnel ensure appropriate retention and disposal of information assets.
Strategic Partners Australia follows a formal process for creation and deletion of user accounts and access to specific data. Additional controls have been implemented for users who have administrative level of access to information systems. Our controls include:
A Password Management Policy is in place and defines the requirements for password changes, and complexity for all user and administrator passwords.
Information Security Risk assessment is conducted on regular intervals and risk remediation is recorded and monitored for continual improvement.
Strategic Partners Australia maintains cyber insurance cover to manage costs arising from cyber risks. It is one of the many components in our strategy for managing cyber risks.
Strategic Partners Australia management and Security team regularly engage external firms and subject matter experts to conduct reviews and provide feedback on our strategic cyber priorities. Strategic Partners Australia also participates in regular internal and external audits and regulatory reviews which help identify areas for improvement.