-
-
Information Security Policy
1.1 Terms and Definitions
“we”, “us” and “our” refer to PulseAi. “staff” and “users” means all of those who work under our control, including employees, contractors, interns etc
1.2 Purpose and Scope
The aim of this top-level policy is to define the purpose, direction, principles, and basic rules for information security management. The purpose of this document is to briefly communicate our security policies
1.3 Users and Responsibilities
Users of this document are staff, as well as relevant external parties. Further details and explanations can be provided by the PulseAi Compliance Team on request. The Operations Manager is responsible for all aspects of the implementation and management of these arrangements, unless noted otherwise
2. Compliance and Assurance
BuzzSaw Media has established a compliance framework that enables the organisation to effectively identify and manage information security, privacy, and business risks. BuzzSaw Media ensures the security and confidentiality of the Source Data that is supplied under the agreements from customers for the verification of their individuals.
3. Risk and Information Security
BuzzSaw Media analyses and evaluates identified risks to gauge their severity, probability, and controllability and determines a relative Risk score. The respective Risk scores are evaluated against approved criteria (for accepting risks and identifying the acceptable levels of risk) to identify and prioritize risks requiring treatment. BuzzSaw Media’s risk assessment practices are continually reviewed internally to ensure that a pragmatic business-led approach is adopted, best practice is maintained, and continuous improvement is achieved.
4. Personally Identifiable Information (PII) Protection
BuzzSaw Media considers Personally Identifiable Information (PII) to be treated with the utmost degree of sensitivity and deserving of the highest information classification. Confidentiality of PII stored for transactional purposes is achieved via SFTP processes. We do not store any PII unless advised otherwise. We ensure that all clients and related parties sign suitable contracts for access to the data. These contracts will highlight the penalties of any misuse by the company and that it is the responsibility of the company to ensure that their internal process implements the terms and use of the data.
5. Data Breach Notifications
Where a security incident involving a Personal Data breach is detected, the Operations/Privacy Officer is to be immediately notified. We will ensure all necessary parties and organisations are notified in accordance with our legal, contractual, and regulatory obligations and within the requisite stipulated timeframes.
As an Australian business, personal data breaches must be reported to both affected individuals and the Office of the Australian Information Commissioner (OAIC) and may need to be reported to other relevant authorities including financial services providers, law enforcement bodies, professional associations, and regulatory bodies.
6. Change Management
6.1 Change Management Procedures
BuzzSaw Media implements procedures to address risks related to changes in systems and business circumstances. All changes, whether code development, architecture, or infrastructure, require an appropriate level of testing to be undertaken which provides a high level of confidence that the change will be successful and will not negatively impact production functionality.
7. Security in Change Management
BuzzSaw Media takes into account the security requirements of each request for change from a risk perspective, considering the risk, likelihood, required mitigation, and ultimately the risk severity
8. System Security
8.1 Cloud Security
Buzzsaw Media’s cloud servers are protected by RackCorp Firewall with intrusion prevention systems (IPS) to identify and block threats in real-time. The cloud service provider is responsible for controlling access, logging and monitoring of the systems and infrastructure
8.2 Backup and Recovery
Backup copies of information, software and system images are taken and tested regularly. We ensure that the extent, frequency, and retention period of backups reflect business requirements, security requirements, the criticality of the information to continued operations, and legal or audit requirements. PulseAi’s backup data is subject to the same logical and physical security controls as other data to protect the confidentiality, availability, and integrity of data.
9. Data Centres
All data is stored on cloud-based servers, utilising firewalls, and advanced encryption, which is used to protect all data and applications. Databases have built-in security that prevents unauthorised access from malicious actors. All transactions are user and IP address logged.
Databases are backed up multiple times a day. Processes are in place to monitor and test the failover sites as required to ensure the capacity for redundancy remains in place
10. Network Security
BuzzSaw Media does not have an internal network. Network security is managed and controlled by RackCorp Pty Ltd. to protect the information in systems and applications
11. Legal and Regulatory Compliance
11.1 Cross Border Transfer of Information
BuzzSaw Media’s policies are designed to ensure that all information is secure both in internal databases and when our customers are accessing it. Access to systems is monitored electronically, providing an auditable record of who, what and when data was accessed.
12. Insurance
BuzzSaw Media maintains Public Liability, Product Liability, Professional Indemnity, and Cybersecurity insurance at all times. BuzzSaw Media actively reviews the insurance on a needs basis and at least once a year. We expect and request a similar level of insurance coverage from our contracting counterparts.
13. Client Information Security Requirements
All Clients or Customers using PulseAi Systems and Services, are expected to implement and maintain minimum information security requirements.
14. Supplier Due Diligence
BuzzSaw Media has measures in place to ensure our data sources are externally verified and certified to ensure reliability, accuracy, and legality of service. All our data source suppliers (“Suppliers”) undergo robust due diligence.
17. Breach of Policy
We will take all necessary measures to remedy any breach of this policy including the use of our disciplinary or contractual processes where appropriate.
Cut through the noise
Get started with Buzzsaw today.
Get our newsletter, event invites,
plus product insights and research. SubscribeWe acknowledge the cultures of our First Nations Peoples and are thankful for the community that we share together now.
We pay our respects to our First Nations Peoples and their elders/leaders, both past and present, and those who are rising up to become leaders.© 2024 Buzzsaw Media Pty Ltd. All rights reserved.
