SuperChoice’s Information Security Management System (ISMS) is certified against:
- ISO 27001:2013 (independent audit)
- Operational Security Framework - oversight by ATO
- Information Security Manual (ISM) - oversight by Gateway Network Governance Body (GNGB)
Independent security audits are undertaken annually.
Our Information Security Management System covers the following areas:
Access Control | Provides guidance that limits access to information and information processing facilities. |
Asset Management | Identifies organisational assets and defines appropriate protection responsibilities. |
Business Continuity and Disaster Recovery | Ensures information security continuity is embedded in the organisation’s business continuity management system. |
Communication security | Ensures the protection of information in networks and supporting processing facilities. |
Compliance | Prevents breaches of any law, statutory, regulatory or contractual obligations related to information security and of any security requirements. |
Cryptography | Ensures proper and effective use of cryptography to protect the confidentiality, authenticity, and/or integrity of information. |
Human Resources Security | Ensures that employees and contractors understand their responsibilities and are suitable for the roles for which they are considered. |
Information security incident management | Ensures a consistent and effective approach to the management of information security incidents, including communication (within SuperChoice, with clients, third parties and regulators) on security events, incidents and weaknesses. |
Information Security | Covers management’s direction and support for information security in accordance with business requirements and relevant laws and regulations. |
Network Security | Ensures the protection of information in the network and its supporting information processing facilities. |
Operations security | Ensures correct and secure operations of information processing facilities. |
Physical and environmental security | Prevents unauthorised physical access, damage and interference to the organisation’s information and information processing facilities. |
System acquisition, development and maintenance | Ensures information security is an integral part of information systems across the entire system development and acquisition lifecycle. |