Security & Compliance

Last updated
January 9, 2023

What information do we collect and store? 

Locatrix is certified to the ISO 27001 Information Security Standard. IT security, cybersecurity and privacy protection are vital for Locatrix and its customers.

  • Find out more about our ISO certification here: https://www.iso.org/isoiec-27001-information-security.html

We collect enough information to identify people as required by the Building Fire Safety Regulation 2008 s.45.

One of our core tenets is to collect only the minimum amount of information required by our customers.

We don't require driver’s license numbers, passport numbers, Medicare numbers, etc. 

PlanSafe is tailored to the unique needs of our customers, meaning that the information collected varies. Typically, this may include:

Personally Identifiable Information

  • Employee/payroll number
  • User type (employee, contractor, etc.)
  • Work location and role at that location
  • Email address
  • First name
  • Surname
  • Year of birth
  • Training records
  • Web analytics
  • IP address/location
  • Site visit activity (pages visited, session length, LMS session ID if relevant)
  • Operating system type
  • Browser type

Company Information

  • Floor Plans
  • Emergency Procedures
  • Compliance Documents
  • Evacuation Signs
  • Evacuation Practice Records
  • EPC Meeting Minutes
  • Personal Emergency Evacuation Plans

You can see the information collected about you in the "Personal Details" tab once you are logged into PlanSafe.

How is the above information protected?

PlanSafe data is only available to authorised administrators with reporting access.

  • Permissions can be applied to ensure that administrators only have access to the records associated with occupants of a specific building.
  • Administrator accounts can be linked to single sign-on systems to enable two-factor authentication (2FA). This is not mandatory, but is a recommended best practice.
  • Two-factor authentication (2FA) is always required for all Locatrix administration staff.

Data Storage & Encryption

  • All information is encrypted both in transit and at rest.
  • Data for each PlanSafe customer is isolated in separate database schemas with unique credentials.
  • This means the compromise of one PlanSafe website is less likely to expose data from other PlanSafe websites.
  • Our services are hosted by Microsoft Azure in their Australia East and Australia Southeast data centers: https://azure.microsoft.com/en-au/resources/microsoft-azure-compliance-and-australian-security-and-privacy-requirements/
  • Our infrastructure is kept in virtual networks/behind firewalls, preventing direct connections to our databases from outside our networks.
  • We use GitHub's Dependabot (https://github.com/features/security) to monitor our code for known vulnerabilities and help keep software packages up to date.

How do we ensure compliance with our obligations regarding sensitive data (e.g. reviews of our processes, process documentation etc.)?

Locatrix is ISO-27001 certified (an international standard for information security management).

  • This certification comes with the requirement for regular annual audits/reviews performed by a certified third party (Compass Assurance).
  • We maintain an extensive set of internal information security policies (over 77 documents covering 114 required controls) that are regularly reviewed.

All Locatrix employees are subject to background checks and regular training across our information security practices.

Locatrix IT systems are protected by both standard malware scanning systems and active vulnerability scanning provided by Triskele Labs (a CREST certified provider).

We also subject our systems and applications to regular penetration testing performed by Triskele Labs.

  • This means that we pay a security firm to try and hack us so that we're the ones to discover any vulnerabilities in our own systems, instead of malicious hackers.

Our clients regularly require us to complete security questionnaires to ensure that our practices comply with their own internal requirements.

The questions we answer often relate to the requirements contained within the Information Privacy Act 2009 (Qld), the Queensland Government Information Security Classification Framework and the Australian Signals Directorate Essential Eight.

Do any third parties have access to saved data?

Our services are hosted by Microsoft Azure in their Australia East and Australia Southeast data centers.

https://azure.microsoft.com/en-au/resources/microsoft-azure-compliance-and-australian-security-and-privacy-requirements/

We push limited data (name + work email address) into two third parties for analytics/troubleshooting purposes.

  • Sentry (troubleshooting) - https://sentry.io/security/
  • Pendo (analytics) - https://www.pendo.io/data-privacy-security/