- Solutions
PRE-EMPLOYMENT
INDUCTION
COMPLIANCE
OTHER FEATURES
- Instant Demo
- Pricing
- Contact
- Resources
The Data Safety Policy of Induct For Work Pty Ltd aims to safeguard all data handled by the company, ensuring confidentiality, integrity and availability. This policy details how data is protected against unauthorised access, disclosure, alteration and destruction.
This policy is applicable to all employees, casuals and contractors of Induct For Work Pty Ltd. It covers all data managed by the company, including electronic data, paper records and data stored on other media.
Data Protection Officer (DPO): The DPO is responsible for overseeing the implementation and compliance of this policy. This includes regular reviews and updates, as well as leading responses to data breaches.
IT Department: Charged with the technical implementation of security measures, regular security audits and incident response.
Employees, Casuals and Contractors: Required to adhere to the policy’s protocols and report any security incidents immediately.
Data at Induct For Work Pty Ltd is classified into three categories:
5.1. Access Control
5.2. Data Encryption
5.3. Network Security
5.4. Monitoring and Logging
5.5. Data Backup and Recovery
5.6. Patch Management
This policy is reviewed annually or after any significant security incidents to ensure effectiveness and compliance. The DPO oversees the review process.
Access Control and Authentication Induct For Work uses AWS IAM to manage and control access to resources securely. Each employee is assigned unique credentials, and access is restricted based on their role. Multi-factor authentication (MFA) is mandated for accessing sensitive data, enhancing security by requiring an additional verification step.
Data Encryption All sensitive data stored on AWS is encrypted at rest using AWS KMS. This service allows the management of cryptographic keys used to protect data. During transmission, data is encrypted using TLS/SSL protocols to prevent interception by unauthorized parties.
Network Security The IT department employs AWS Security Groups and NACLs to restrict and monitor traffic flow. By setting rules for inbound and outbound traffic, only authorized communication is allowed, thus preventing unauthorized access.
Monitoring and Logging AWS CloudTrail logs all API calls made within the AWS environment, which helps in tracking user activity and identifying any unusual behavior. AWS CloudWatch monitors system performance in real-time, alerting the IT department of any anomalies that might indicate security threats.
Data Backup and Recovery Regular automated backups are performed to ensure data integrity and availability. These backups are stored in secure locations, and a comprehensive disaster recovery plan is in place to restore data in case of a system failure or data corruption.
Patch Management The IT department utilizes AWS Systems Manager to automate patch management, ensuring that all systems are up-to-date with the latest security patches. This reduces vulnerabilities that could be exploited by attackers.
Induct For Work conducts thorough security assessments of all third-party vendors. These assessments evaluate the vendors’ security practices to ensure they meet Induct For Work’s standards. Data protection agreements are established to guarantee that vendors handle data in compliance with our security policies.
Employees undergo regular training sessions covering data security practices, recognition of phishing attempts, and proper response protocols. These sessions are supplemented with periodic phishing simulations to reinforce learning and preparedness.
The incident response plan includes:
Regular security audits are conducted to evaluate compliance with the data security policy and relevant legal requirements. These audits help identify vulnerabilities and areas for improvement. The policy ensures compliance with the Australian Privacy Act 1988 and GDPR, protecting the privacy and rights of individuals.
The DPO is responsible for the annual review of this policy. Reviews are also conducted after significant incidents to incorporate lessons learned and improve security measures. This continuous improvement approach ensures the policy remains effective and aligned with evolving security threats and regulatory requirements.
Induct For Work Pty Ltd’s Data Security Policy is designed to protect the company’s data through robust security measures, compliance with legal standards, and continuous improvement. By leveraging AWS’s advanced security features and adhering to best practices, Induct For Work ensures the confidentiality, integrity, and availability of its data, thereby fostering trust and confidence among customers.
For further details or inquiries about this policy, please contact the Data Protection Officer at: