How do we ensure compliance with our obligations regarding sensitive data (e.g. reviews of our processes, process documentation etc.)?
Locatrix is ISO-27001 certified (an international standard for information security management).
This certification comes with the requirement for regular annual audits/reviews performed by a certified third party (Compass Assurance).
We maintain an extensive set of internal information security policies (over 77 documents covering 114 required controls) that are regularly reviewed.
All Locatrix employees are subject to background checks and regular training across our information security practices.
Locatrix IT systems are protected by both standard malware scanning systems and active vulnerability scanning provided by Triskele Labs (a CREST certified provider).
We also subject our systems and applications to regular penetration testing performed by Triskele Labs.
This means that we pay a security firm to try and hack us so that we're the ones to discover any vulnerabilities in our own systems, instead of malicious hackers.
Our clients regularly require us to complete security questionnaires to ensure that our practices comply with their own internal requirements.
The questions we answer often relate to the requirements contained within the Information Privacy Act 2009 (Qld), the Queensland Government Information Security Classification Framework and the Australian Signals Directorate Essential Eight.
Do any third parties have access to saved data?
Our services are hosted by Microsoft Azure in their Australia East and Australia Southeast data centers.