Security-OLD

Our facilities in Australia and in our overseas division adhere to global security, health, and safety standards.

In addition, we can scale up rapidly depending on project requirements.

Our secure delivery centre in our overseas division is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.

SMSF Auditing Australia and our overseas division have

  • offices and systems on par with international best practice for information security management
  • both physical and non-physical controls to ensure our company and client data is not compromised.
  • staff trained on security protocols, and we continuously run educational sessions to keep abreast of various threats within our industry.

Below are some of the physical and non-physical controls put in place by SMSF Auditing Australia and our overseas division.

Physical controls

  • Biometric scanners and access cards are required to enter offices.
  • Only authorised personnel are allowed to enter the office and processing centre.
  • Physical documents, books and other devices are prohibited in the processing centre.
  • The entire office is monitored by CCTV.
  • All PCs are desktops running a ‘dumb terminal system’.
  • Ability to save and store data on the PC is disabled.
  • CD-ROM and other drives (USB) have been removed.
  • Access to physical/removable drives (external hard drives) has been disabled.
  • Printers and scanners are also not available within the processing centre.
  • Staff are required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.

Non-physical controls

  • Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed.
  • Staff are unable to access personal emails from the office and work emails are unable to send data outside the office.
  • Intranet, internal portals, software, and sites have IP Authentication in place so that no one can access these records outside office premises.
  • Access to internal software is password protected with strength measurement. Passwords are also required to be updated on a regular basis.
  • All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
  • All terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.
  • Security software is always kept up to date.
  • All PCs within the organisation have an auto-lock feature to protect from unauthorised use.
  • Wireless connections are prohibited within offices.
  • We allow staff to work remotely from time to time. We make sure that staff exclusively work on the computer systems provided by the office and exclusively use the VPN when working and accessing our Australian servers.

Servers and support

We use Australian based servers. Our Service Level Agreement with our server provider ensures:

  • A minimum of 99.99% uptime.
  • All servers have hardware firewall protection software.
  • Enterprise-class firewalls provide fully redundant stateful failover to ensure the highest security and reliability.
  • Our dedicated servers are protected by Sourcefire Intrusion Detection & Prevention System (IDS/PS), ensuring our servers’ ongoing security.
  • On-site and off-site continuous data protection services ensure our data is protected 24/7.
  • Our server provider also offers our firm 24/7 support.

Training and education

All staff of SMSF Auditing Australia, including staff working in our overseas division,

  • must sign a confidentiality agreement regarding our security protocol relating to data, client information and business insights.
  • have a duty to report any breach immediately so the appropriate action can be taken.
  • must not share information outside the organisation. If the information is shared within our team, it must only be in reference to completing the work.
  • must attend and satisfactorily complete regular data security training sessions.

We believe we have taken strict measures to ensure maximum security and protection of both our company and client data. If you have any questions regarding our risk parameters, please feel free to contact us and we would be more than happy to discuss.