As part of Yorb’s Managed Service Agreement, we take security seriously. We will endeavour to put the appropriate security in place to protect your systems and advise when we feel improvements can be made. At a minimum, we recommend that every business has:
- An enterprise-grade firewall
- Up to date anti-virus software
- Software patch management
- Multi-factor authentication
For more information on business security, please visit our Security page. You can also access our Security booklet here.
As Yorb does not have visibility of the type and sensitivity of the data you are storing, or indeed how you might be sharing this either internally or externally, we are unfortunately unable to certify your business's compliance with the Privacy Act. It is your responsibility to identify Personally Identifiable Information (PII) that is stored within your systems and to ensure the appropriate controls put in place around its use in compliance with the Privacy Act. However, we are here to help and provide guidance. Learn how we can help in the assistance section below. Here are some important questions to consider:
- Do you know all the information you collect about individuals and is it considered PII?
- Where is the information stored?
- What systems and policies have been put in place to protect the data?
- Are you able to detect if data gets breached?
- Who in the business is responsible for privacy?
- Is your team trained to identify and handle PII?
- Do you take into consideration data sovereignty and local privacy laws? E.g. data stored regarding Australian or European residents must comply with the NDBR/GDPR.
The office of the Privacy Commissioner has some free online training on their eLearning platform (https://www.privacy.org.nz/further-resources/online-privacy-training-free/). This is an excellent resource to ensure your teams understand the basics of what is required.
We have a team of consultants available to tailor a Data classification audit specific to your business and consider with your internal teams items such as:
- The current data silos you have.
- The information that is stored in each of these silos
- The sensitivity of the information stored.
- The security policies, protocols, and systems put around each silo
- The level of security around that silo, if it is appropriate for the information stored.
- The mechanisms you have in place to detect that data has been breached.
Contact our team for further advice about the upcoming changes. We are here to support your business and help you meet the legislative requirements.