Security Policy
Linking & Integrating Pty Ltd ACN: 630 002 596 (Linking Integrating) – Security Policy
Objective
This policy ensures that appropriate measures are implemented to protect corporate information and the information systems, services, and equipment owned or utilised by Linking & Integrating, hereafter referred to as Linking Integrating.
It aims to secure Linking Integrating’s and its customers’ assets against theft, fraud, malicious or accidental damage, breach of privacy or confidentiality, and to protect Linking Integrating and its customers from damage or liability arising from the use of its facilities or services for purposes contrary to their intended use.
Scope
This policy applies to all Linking Integrating staff (onshore and offshore), customers, and any other persons affiliated but not employed by Linking Integrating who utilise its infrastructure and/or access its applications with respect to the security and privacy of information.
Staff, Customer, and Associate Access
Linking Integrating provides its staff and customers with access to electronic services, computers, and communication facilities, including solutions such as email, internet services, and administrative tools.
Where a staff member or customer is assigned login credentials or system passwords, they are responsible for maintaining the security of their User IDs and all activities associated with that ID. Knowingly disclosing passwords to others is a breach of policy and may result in account termination.
Linking Integrating expects its staff, customers, and associates to take all reasonable steps to ensure the integrity and security of its systems and data.
Contract / Temporary Access
Temporary access, required for purposes such as contract workers (onshore or offshore) or ‘test’ accounts, must include a user expiry date aligned with the completion of the required tasks to ensure the account is inaccessible after that date.
For ongoing maintenance and support by third-party companies, access must be restricted to the relevant systems and facilities for which they provide support.
Logical Security
Linking Integrating implements an environment that protects the integrity, availability, and confidentiality of its and its customers’ data through logical or computerised controls and processes.
Software Security
Software security pertains to access rights and protection of software packages supplied by, and for use within, Linking Integrating’s computer services infrastructure. All users are provided with a User Account for authentication and allocation of appropriate access rights to network facilities, including software solutions. Access is further controlled by secure passwords, which must be changed regularly.
End-Point Security and Antivirus Software
All Linking Integrating-issued PCs and laptops must run antivirus software, with the operating system set to auto-update to mitigate risks from vulnerabilities. Antivirus systems are in place to scan all incoming and internally circulating emails.
Non-standard PCs and laptops must also have current, updated antivirus software installed. It is the owner’s/user’s responsibility to ensure compliance. Failure to maintain updated antivirus software may expose Linking Integrating’s systems to significant disruption and damage from virus-infected devices.
Passwords
Individuals requiring access to Linking Integrating’s computing systems must be issued a unique login and password. Passwords must not be shared with or used by any other individual. Non-compliance will be treated as a serious breach of system security and may result in account termination.
Patch Management
Linking Integrating ensures that all managed systems and applications are kept current to address known software vulnerabilities. Updates are distributed at Linking Integrating’s discretion, typically daily, to mitigate risks from new zero-day vulnerabilities.
Customer system administrators are responsible for ensuring servers under their control are updated with required operating system and software patches. Periodic vulnerability assessments will be conducted by Linking Integrating-appointed staff in consultation with customer system administrators.
Data Security
Linking Integrating maintains the confidentiality of data on its information technology systems, ensuring access is restricted to authorised individuals. This policy should be read in conjunction with Linking Integrating’s privacy policies.
Confidential Data Security
To ensure the confidentiality and security of sensitive information, only authorised individuals are permitted access, as required by their job functions. Customer information is isolated from other customers through separate system partitions, independent management systems, and firewalls. All front-end internet solutions comply with Secure Socket Layer (SSL) technology to encrypt data between the user’s browser and the application server.
Unauthorised access to sensitive information through methods other than those granted by an appropriately authorised person will be deemed a breach, subject to disciplinary and/or legal action.
Staff and associates must be aware of their legal and corporate responsibilities regarding the appropriate use, sharing, or release of information. Any third party receiving restricted information must be authorised and must adopt equivalent information security measures to ensure data safety and integrity.