Incident Response Plan
- Prepared Protocols - A documented response plan outlines how we detect, contain, and resolve security incidents.
- Compliance-Driven - We follow the Notifiable Data Breach scheme and relevant privacy laws.
Breach Notification
- Timely Updates - If your data is affected, we notify you without delay.
- Clear Communication - Notifications explain what happened, what data was involved, and what’s being done.
Penetration Testing
- Internal Assessments - Our technical team conducts regular penetration tests against our platform, including web applications, APIs, and infrastructure components, using industry-standard tools and methodologies.
- OWASP-Based Methodology - Testing is guided by the OWASP Top 10 and includes checks for authentication flaws, injection vulnerabilities, misconfigurations, access control issues, and more.
- Risk-Based Remediation - Any identified issues are triaged by severity and resolved promptly. We maintain internal records of findings and remediation actions.
- Part of Ongoing Security Posture - Penetration testing is integrated into our broader security process alongside code reviews, automated vulnerability scans, and patch management.