We have control systems in place to ensure that the core principles of information security are upheld, namely confidentiality, integrity and availability.
Our system of procedural controls includes signed confidentiality statements from our employees, separation of duties, a corporate security policy, a complex password policy and dual authentication via token identification and passwords for access to our online accounting portal.
We also have in place various technical controls where software and data are used to monitor and control access to information and computing systems. These include the use of passwords, leading-edge firewalls, a network intrusion detection system, anti-virus and anti-spyware software, access control lists, encryption of data transmitted off-site and the principle of ‘least privilege’.
Additionally, we have in place a number of physical controls in order to monitor and control the environment of our workplace and information technology facilities. These include security protected access to our workplace, visitor control, climate control, smoke and fire detection systems, data backup controls, and separation of the network from work function areas.