IT Alliance Australia Pty Ltd
ABN 86 616 577 023
Updated: 30 October 2023
IT Alliance Australia understands the importance of an effective information security program to protect the confidentiality, integrity, and availability of all assets from potential threats. This allows us to perform our services effectively and maintain our reputation as a trusted user of stakeholders’ data.
This strong commitment to security is reflected in the implementation of security policies, processes and controls, as well as dedicated staff to manage information security.
This statement is intended to serve as reference material for third parties such as customers, vendors, and regulatory authorities. Information contained in this statement is general in nature and provided as a guide only based on IT Alliance Australia’s current operating conditions, knowledge and understanding. It has been prepared in good faith and should not be relied on for any purpose other than for information gathering purposes.
Security Policy and Compliance
All security policies and procedures are implemented according to the requirements of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis. IT Alliance Australia Policies and Processes also comply with the requirements of the Defence Industry Security Program. Details of specific membership level can be provided on request.
Regular web application penetration tests are conducted by independent security organisations, and the findings are addressed promptly.
IT Alliance Australia utilises Software as a Service (SaaS) solutions and does not have any on-premises technical infrastructure. Our laptops are secured with logical access controls and encryption controls.
IT Alliance Australia’s registered business premises have appropriate access controls and CCTV monitoring.
Shared responsibilities in the cloud
| Information and Data | IT Alliance Australia |
| Devices (Mobile and PCs) | IT Alliance Australia |
| Accounts and Identities | IT Alliance Australia |
| Identity and Directory Infrastructure | Shared with SaaS provider |
All IT Alliance Australia employees and contractors are required to complete a Police Check and fulfil Security Clearance requirements of AGSVA as per the client and project need. All personnel are also mandated to sign a confidentiality agreement.
All IT Alliance Australia employees are required to complete regular compliance trainings, including ICT password, cyber-security awareness, corporate governance and finance, code of conduct, and fraud and corruption trainings.
We have a dedicated:
- Data Governance team, who is responsible for provisioning data access, and completing data audits.
- Security team, who is responsible for platform, security compliance, education, user management and access control.
All information assets are managed as per an internal Data Governance Framework which complies with the requirements of ‘ISO/IEC 27001:2022 – Information security, cybersecurity, and privacy protection — Information security management systems — Requirements’ and are reviewed on a regular basis.
An internal Information Labelling, Classification and Handling Policy is in place to help identify the confidentiality requirements of all information assets and ensure appropriate labelling and handling throughout the lifecycle of information: creation, storage, archival and sharing.
Record retention and disposal requirements are communicated to relevant personnel to ensure appropriate retention and disposal of information assets.
IT Alliance Australia follows a formal process for creation and deletion of user accounts and access to specific data. Additional controls have been implemented for users who have administrative level of access to information systems. Our controls include:
- Multi-factor authentication
- Secure configuration
- E-mail filtering and web security
- Third party security
- Cyber training and awareness
- Recovery and back-up
A Password Management Policy is in place and defines the requirements for password changes and complexity for all user and administrator passwords.
Information Security Risk assessment is conducted at regular intervals and risk remediation is recorded and monitored for continual improvement.
IT Alliance Australia maintains cyber insurance cover to manage costs arising from cyber risks. It is one of the many components in our strategy for managing cyber risks.
IT Alliance Australia management and Security team regularly engage external firms and subject matter experts to conduct reviews and provide feedback on our strategic cyber priorities. IT Alliance Australia also participates in regular internal and external audits and regulatory reviews which help identify areas for improvement.