Security Policy
Linking & Integrating Pty Ltd ACN: 630 002 596 – Security Policy
Objective
This is to ensure that appropriate measures are put in place to protect corporate information and the information systems, services and equipment owned or utilised by Linking & Integrating – Australia, hereby known as Linking & Integrating.
This document is developed to secure Linking & Integrating and its customers assets against theft, fraud, malicious or accidental damage, breach of privacy or confidentiality; and to protect Linking & Integrating and its customers from damage or liability arising from the use of its facilities or services for purposes contrary to their intend use.
Scope
This policy applies to all Linking & Integrating staff (onshore and offshore), its customers, or any other persons otherwise affiliated but not employed by Linking & Integrating , who may utilise its infrastructure and/or access its applications with respect to the security and privacy of information.
Staff, Customer and Associate Access
Linking & Integrating provides its staff and customers with access to electronic services, computers and communication facilities. These facilities include access to solutions like email and/or Internet services and administrative tools.
Where a staff member or customer is assigned login credentials or system passwords they are responsible for maintaining the use and security of any User IDs and all activity associated with that ID. Knowingly disclosing passwords to others will be deemed a breach of policy and could result in termination of accounts.
Linking & Integrating expects its staff, customers and associates to take all reasonable steps to ensure the integrity and security of its systems and data.
Contract / Temporary Access
Where temporary access is required for a specific purpose such as, but not restricted to, contract workers (onshore or offshore) and ‘test’ accounts, a user expiry date based on the completion date of the required tasks must be used to ensure the temporary account is not accessible after that date.
In the case of ongoing maintenance and support from 3rd party companies, access must only be granted to the relevant facilities within the system and be restricted to only the systems for which they provide support.
Logical Security
Implementing a suitable environment that protects the integrity, availability and confidentiality of Linking & Integrating and its customers’ data by using logical or ‘computerised’ controls and processes.
Software Security
Software security specifically relates to access rights and protection of software packages supplied by, and for the use by, Linking & Integrating computer services infrastructure. All users of Linking & Integrating systems are supplied with a User Account for authentication and allocation of appropriate access rights to network facilities including software solutions. Access to such network facilities and software is also controlled by the use of secure passwords which must be changed on a regular basis.
Do not track
please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
End-Point Security and Antivirus Software
All Linking & Integrating issued PCs and laptops must run antivirus software. The Operating System must be set to auto update so that regular vendor updates reduce threat or risk of OS vulnerabilities. There are also antivirus systems in place checking all incoming email into the organisation and also on internally circulating emails.
It is expected that any nonstandard PC and / or laptop also have current updated antivirus software installed, and it’s the owners / users responsibility to ensure this. Not having current updated antivirus software installed may expose Linking & Integrating systems and infrastructure to potentially significant disruption and damage due to virus infected computers.
Passwords
It is essential that those requiring access to the Linking & Integrating computing system be issued with a unique login and password. This password is not to be shared with, or used by, any other individual and failing to comply will be treated as a serious breach of system security which may result in account termination.
Patch Management
To ensure that all Linking & Integrating managed systems and applications are kept current and up-to-date by going through the assets that are required to address any known software vulnerabilities. These updates will be distributed at the discretion of Linking & Integrating and take place daily to mitigate risks of new zero day vulnerabilities.
It will be the responsibility of system administrators of the customers to ensure that the servers under their control are kept updated with required operating system and software updates and patches. Periodic checks will be performed on servers to assess their vulnerability status by the Linking & Integrating appointed staff in consultation with customer’s system administrators.
Data Security
Ensuring that the confidentiality of data contained on the information technology systems is maintained and access is made available to those who are authorised to see that data. This item should also be used in conjunction with privacy polices.
Confidential Data Security
To ensure the confidentiality and security of sensitive information contained on Linking & Integrating systems, it is essential that only those authorised to access such data are permitted to do so. Those who are permitted to access such information are granted appropriate access, as required by their job functions. All customer information is silo’d from other customers by separate system partitions, independent management systems and firewalls. All frontend internet solutions will comply with Secure Socket Layer (SSL) technology to encrypt data between user browser and application server.
Anyone, staff or associate, who gains access to such information through methods other than those granted by an appropriately authorised person, shall be deemed as unauthorised and subject to disciplinary and/or legal action.
Staff and associates should be aware of their legal and corporate responsibilities in relation to appropriate use, sharing or releasing of information to another party. Any other party receiving restricted information must be authorised to do so and that the receivers of the data also adopt information security measures to ensure the safety and integrity of the data.
