SMSF Auditing Australia complies and works in accordance with the National Privacy Principles and the Privacy Act 1988 (Cth). SMSF Auditing Australia is committed to ensuring the safekeeping and collection of personal information.
Collection of Personal Information
SMSF Auditing Australia does not contact your clients directly or indirectly. Any client information is collected via the Accounting or Financial services firm.
The information we are provided includes:
- Names, addresses, DOB and POB
- ABNs, TFNs and employment details
- Personal health and insurance information
- Financial information – such as income, expenses, superannuation and investment details
Use of personal information
SMSF Auditing Australia provides SMSF Auditing Services. The collection and use of personal information are only to facilitate the above services to your firm as requested by you.
SMSF Auditing Australia only uses personal information for the purpose(s) for which it was given to us and for related purposes (unless otherwise required by or authorised by law) or as consented to by you or your firm.
Disclosure of personal information
SMSF Auditing Australia will only provide the information that relates specifically to the jobs requested by your firm to their staff in Australia and to the staff of their overseas division.
The information will not be provided or sold to other institutions. If there is a legal situation, the information may be provided in accordance with the law.
We have an overseas division assisting us in audit file preparation work. We have engaged an outsourcing partner overseas. The overseas division works exclusively for us. We only store client information in a data server managed in Australia, which is subject to Australian privacy law. Our staff working in Australia and in our overseas division work only on our Australian-based servers.
Storage and Data Security
SMSF Auditing Australia stores all the data electronically on secure servers in Australia. We have taken the necessary measures to ensure our data integrity is not compromised. The data is stored for 10 years for compliance & auditing purposes and removed thereafter.
Our secure delivery centre in our overseas division is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.
SMSF Auditing Australia and our overseas division have:
- Offices and systems on par with international best practice for information security management.
- Biometric scanners and access cards are required to enter offices.
- Only authorised personnel are allowed to enter the office and processing centre.
- Physical documents, books and other devices are prohibited in the processing centre.
- The entire office is monitored by CCTV.
- All PCs are desktops running a ‘dumb terminal system’.
- Ability to save and store data on the PC is disabled.
- CD-ROM and other drives (USB) have been removed.
- Access to physical/removable drives (external hard drives) has been disabled.
- Printers and scanners are also not available within the processing centre.
- Staff are required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.
- Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed.
- Staff are unable to access personal emails from the office and work emails are unable to send data outside the office.
- Intranet, internal portals, software, and sites have IP Authentication in place so that no one can access these records outside office premises.
- Access to internal software is password protected with strength measurement. Passwords are also required to be updated on a regular basis.
- All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
- All terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.
- Security software is always kept updated.
- All PCs within the organisation have an auto-lock feature to protect from unauthorised use.
- Wireless connections are prohibited within offices.
- We allow staff to work remotely from time to time. We make sure that staff exclusively work on the computer systems provided by the office and exclusively use the VPN when working and accessing our Australian servers.
Reporting of data breach
If there is a data breach that is likely to result in serious harm, we will take the following action:
- Contain the information leak and assess the actual damage caused by the breach.
- Prepare a statement detailing the breach.
- Immediately after providing the statement, notify everyone to whom the information relates, or who is at risk.
- If this is not possible, then we will:
  - Publish a copy of the statement on the website, and
  - Take reasonable steps to publicise the contents of the statement.
- Review and change our systems and processes to ensure they are further secured against future breaches.
Access to personal information
Your firm and staff can access the personal information that you provide. SMSF Auditing Australia will take the necessary steps to verify that you are a client of SMSF Auditing Australia before providing the information to you.
If you have any questions regarding this information, please feel free to get in touch with us.