Information Security Planning
Care Systems' Information Security Management System (ISMS) is designed based on our risk assessment and treatment plan, which align with our primary goal of protecting our customers' sensitive information that our products store and manage. Our ISMS covers the following areas:
- Maintaining comprehensive information security policies, including those regarding mobile devices and teleworking.
- Managing and organising information security activities, and allocation of roles and responsibilities for internal and external stakeholders.
- Human resource security – candidate screening, terms of employment, ongoing training, management of ISMS responsibilities, and processes relating to change or termination of employment.
- Asset management – inventory and management of all assets, including during change or termination of employment.
- Access control – policies and procedures for managing access to all internal and external environments and systems, based on best-practice individual access control.
- Cryptography – specific policies and procedures for managing cryptographic keys and associated artefacts.
- Physical and environmental security – policies and procedures relating to the physical security of organisational and client-owned data. All Care Systems managed systems are hosted in secure Australian-based Tier 3+ data centres.
- Operations security – ongoing management of operations, system changes, maintaining system capacity, protection from external threats, monitoring, logging, control and audit of critical systems.
- Communications security – policies and procedures relating to network design and segregation of network access, and management of electronic communication platforms including email and other channels.
- System acquisition, development and maintenance – procedures relating to the procurement, testing and implementation of new systems, management of test data, and ensuring appropriate access control is implemented on new or changed systems.
- Supplier relationships – standard supplier agreements for all suppliers, and specific agreements and procedures in place for suppliers involved in ISMS activities:
• Information security incident management – incident management procedures are in place.
• Information security aspects of business continuity management – a Disaster Recovery plan is in place and maintained to ensure business continuity for our customers in the event of system failure or outage.
- Compliance – external partners are engaged to provide external oversight, assessment and compliance to industry standards and other requirements.
For more information, please read the attached document Care Systems Security Statement.