We have control systems in place to ensure that the core principles of information security are upheld, namely confidentiality, integrity and availability.
Our system of procedural controls includes signed confidentiality statements from our employees, separation of duties, a corporate security policy, a complex password policy and dual authentication via token identification and passwords for access to our online accounting portal.
We also have in place various technical controls where software and data are used to monitor and control access to information and computing systems. These include the use of passwords, leading-edge firewalls, a network intrusion detection system, anti-virus and anti-spyware software, access control lists, encryption of data transmitted off-site and the principle of ‘least privilege’.
Additionally, we have in place a number of physical controls in order to monitor and control the environment of our work place and information technology facilities. These include security protected access to our work place, visitor control, climate control, smoke and fire detection systems, data back-up controls, and separation of the network from work function areas.