Security & Compliance
Data Collection
Locatrix is certified to ISO/IEC 27001, the international standard for information security management. Protecting customer data is fundamental to how we operate.
Our products are configured to our customers’ regulatory and operational requirements, so the collected data varies. We apply two principles across every product:
- Minimum necessary: we only collect what's required to identify building occupants under the Building Fire Safety Regulation 2008 (Qld) s.45 (or equivalent local obligations) and to operate the service.
- No government identifiers: we do not request driver's licence numbers, passport numbers, Medicare numbers, or similar.
The data we collect typically includes:
Personally Identifiable Information
- Employee or payroll number, and user type (employee, contractor, etc.)
- Work location and role at that location
- Email address
- First name
- Surname
- Year of birth
- Training records
- Web analytics
- IP address/location
- Site visit activity (pages visited, session length, LMS session ID if relevant)
- Operating system type
- Browser type
Company Information
- Floor Plans
- Emergency Procedures
- Compliance Documents
- Evacuation Signs
- Evacuation Practice Records
- EPC Meeting Minutes
- Personal Emergency Evacuation Plans
For more information, contact your account administrator or email info@locatrix.com
Data Protection
Access controls
- Permissions can be applied to ensure that administrators only have access to the records associated with occupants of a specific building.
- Customer administrators can link accounts to single sign-on (SSO) to inherit their organisation's identity controls, including multi-factor authentication. We strongly recommend it.
- Multi-factor authentication is mandatory for all Locatrix staff with access to production systems.
Data Storage & Encryption
- Information is encrypted both in transit and at rest.
- Locatrix products are hosted on Microsoft Azure in the Australia East and Australia Southeast regions - see: https://azure.microsoft.com/en-au/resources/microsoft-azure-compliance-and-australian-security-and-privacy-requirements/
Compliance and Obligations
- Locatrix maintains ISO/IEC 27001 certification, independently audited by Compass Assurance Services.
- All Locatrix employees pass background checks before joining and complete information security training on induction and annually thereafter.
- Parabellum, a CREST-accredited Australian penetration testing firm, conducts regular adversarial testing of our infrastructure and applications. Endpoints and servers are continuously monitored for malware and indicators of compromise.
- Our practices follow guidance from the Information Privacy Act 2009 (Qld), the Queensland Government Information Security Classification Framework, and the Australian Signals Directorate's Essential Eight. We regularly complete customer security assessments against these frameworks on request.
Third-party Subprocessors
We engage third-party providers to host, secure and support the Locatrix platform, which may include storing or processing customer data to support our products.
Reporting a Vulnerability
If you believe you've found a security vulnerability in any Locatrix product, please report it to security@locatrix.com