Security Statement

IT Alliance Australia Pty Ltd

Security Statement

ABN 86 616 577 023

Updated: 30 October 2023


IT Alliance Australia understands the importance of an effective information security program to protect the confidentiality, integrity, and availability of all assets from potential threats. This allows us to perform our services effectively and maintain our reputation as a trusted user of stakeholders’ data.

This strong commitment to security is reflected in the implementation of security polices, processes and controls, as well as dedicated staff to manage information security.

This statement is intended to serve as reference material for third parties such as customers, vendors, and regulatory authorities. Information contained in this statement is general in nature and provided as a guide only based on IT Alliance Australia’s current operating conditions, knowledge and understanding. It has been prepared in good faith and should not be relied on for any purpose other than for information gathering purposes.

Security Policy and Compliance

All security policies and procedures are implemented according to the requirement s of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis. IT Alliance Australia Policies and Processes also comply with the requirements of Defence Industry Security Program. Details of specific membership level can be provided on request.

Regular web application penetration tests are conducted by independent security organisations, and the findings are addressed promptly.

Physical Security

IT Alliance Australia utilises Software as a Service solutions (SaaS) and does not have any on-premises technical infrastructure. Our laptops are secured with logical access controls and encryption controls.

IT Alliance Australia’s registered business premises have appropriate access controls and CCTV monitoring.


Shared responsibilities in the cloud

Information and DataIT Alliance Australia
Devices (Mobile and PCs)IT Alliance Australia
Accounts and IdentitiesIT Alliance Australia
Identity and Directory InfrastructureShared with SaaS provider
ApplicationsSaaS provider
Network ControlsSaaS provider
Operating SystemSaaS provider
Physical hostsSaaS provider
Physical networkSaaS provider
Physical datacentreSaaS provider


Personnel Security

All IT Alliance Australia employees and contractors are required to complete a Police Check and fulfil Security Clearance requirements of AGSVA as per the client and project need. All personnel are also mandated to sign a confidentiality agreement.

All IT Alliance Australia employees are required to complete regular compliance trainings, including ICT password, cyber-security awareness, corporate governance and finance, code of conduct, and fraud and corruption trainings.

We have a dedicated:

  • Data Governance team, who is responsible for provisioning data access, and completing data audits.
  • Security team, who is responsible for platform, security compliance, education, user management and access control.

Asset Management

All information assets are managed as per an internal Data Governance Framework which complies with the requirements of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis.

An internal Information Labelling, Classification and Handling Policy is in place to help identify the confidentiality requirements of all information assets and ensure appropriate labelling and handling through it’s the lifecycle of information – creation, storage, archival and sharing of information.

Record retention and disposal requirements are communicated to relevant personnel ensure appropriate retention and disposal of information assets.

Access Control

IT Alliance Australia follows a formal process for creation and deletion of user accounts and access to specific data. Additional controls have been implemented for users who have administrative level of access to information systems. Our controls include:

  • Multi-factor authentication
  • Secure configuration
  • E-mail filtering and web security
  • Third party security
  • Cyber training and awareness
  • Recovery and back-up

A Password Management Policy is in place and defines the requirements for password changes, and complexity for all user and administrator passwords.

Risk Management

Information Security Risk assessment is conducted on regular intervals and risk remediation is recorded and monitored for continual improvement.

Cyber Insurance

IT Alliance Australia maintains cyber insurance cover to manage costs arising from cyber risks. It is one of the many components in our strategy for managing cyber risks.


IT Alliance Australia management and Security team regularly engage external firms and subject matter experts to conduct reviews and provide feedback on our strategic cyber priorities. IT Alliance Australia also participates in regular internal and external audits and regulatory reviews which help identify areas for improvement.