SMSF Auditors ISO Security

Security Policy

(applicable to clients signing Statement of Work on or after 1st February 2022)

Our facilities adhere to various applicable global security, health and safety standards. In addition, we have the ability to scale up rapidly depending on project requirements. Our secure delivery centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.

Members of our group of companies are ISO 27001-certified. This means key parts of our offices and systems that handle data are on par with international best practice for information security management. SuperRecords has both physical and non-physical controls to ensure our company and client data is not compromised. Our back-office staff in India are trained on security protocols and we continuously run educational sessions to keep abreast of various threats within our industry. We do not use third-party contractors to complete any work.

ISO Security

Physical Controls at our Delivery Center

  • Biometric scanners and access cards are required to enter our offices.
  • Only authorised personnel are allowed to enter the office and processing centre.
  • Physical documents, books and other devices are prohibited in the processing centre.
  • The entire office is monitored by CCTV.
  • The ability to save and store data on the PC is disabled.
  • CD-ROM and other drives (USB) have been protected by passwords.
  • Access to physical/removable drives (external hard drives) has been disabled.
  • Printers and scanners are also not available to all staff within the processing centre.
  • Staff are required to keep personal belongings, including bags, books or mobile devices, in secure lockers provided outside the main processing centre.

Non-Physical Controls on our Servers

  • Internet activity is monitored & controlled within the server environment.
  • Staff are unable to access personal emails from the office and work emails are unable to send data outside the office.
  • Our intranet, internal portals, software and sites have IP Authentication in place so that no one can access these records outside our office premises.
  • Access to our internal software is password-protected with strength measurement. Passwords are also required to be updated on a regular basis.
  • All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
  • All our terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.
  • Our security software is kept updated at all times and when required.
  • All PCs within our organisation have an auto-lock feature to ensure PCs are not left unlocked.
  • Wireless connections on personal devices are prohibited.

Servers and Support

Our servers are located in sites in Australia and overseas including Singapore, India and USA. Our Service Level Agreement with our server provider ensures:

  • A minimum of 99.99% uptime.
  • All servers are protected by a firewall.
  • Enterprise-class firewalls provide fully redundant stateful failover to ensure the highest security and reliability.
  • Our dedicated servers are protected by Sourcefire Intrusion Detection & Prevention System (IDS/PS), ensuring our servers’ ongoing security.
  • On-site and off-site continuous data protection services ensure our data is protected 24/7.
  • Our server provider also offers our firm 24/7 support.

Training and Education

  • All staff must sign a confidentiality agreement with regard to our security protocol relating to data, client information and business insights.
  • All staff have a duty to report any breach immediately so the appropriate action can be taken.
  • All staff must not share information outside the organisation. If the information is shared within our team, it must only be in reference to completing the work.
  • All staff must attend and satisfactorily complete regular data security training sessions.

We believe we have taken strict measures to ensure maximum security and protection of both our company’s and our clients’ data. If you have any questions regarding our risk parameters, please feel free to contact us and we would be more than happy to discuss.

Read the Security Policy applicable to existing clients where Statement of Work was signed before 1st February 2022