Since ASW’s client base is varied and has different compliance/regulatory requirements, we will integrate our partners’ information technology, security, and compliance needs in a bespoke manner to ensure that we can accommodate both simple and complex requirements.
EQUIPPED WITH THE LATEST INFORMATION TECHNOLOGY
All ASW team members are fully equipped with the latest information and communication technology, including hardware and software, to ensure efficiency of workflow between our partners and the ASW team. This is crucial to assure a high-performing working environment, which is significant to talent acquisition and retention.
ASW’s internal IT department supports our partners in the initial stages of onboarding their new team to ensure all IT requirements are met and integrated successfully. Our IT Team will ensure constant communication and assistance with any ongoing maintenance that follows (if needed). We also provide 24/7 support and assistance for the ongoing maintenance of the delivered solution. Our aim is to minimise change for our partners and maximise work efficiency for their business needs by integrating our current IT infrastructure with our partners’ existing frameworks.
All our systems are highly maintained in a secure, private cloud environment, and hosted in Australia by ASW. When it comes to new technologies in the market, we work closely with our partners to learn and achieve them.
We are ISO27001 certified (ISO is the International Organization for Standardization) and thus privacy and data security underscore our culture and values, as well as our policies and procedures. We are one of the first Australian companies to gain ISO27001 Information Security Management System certification and we have held this certification for nearly a decade. This is subject to annual recertification and bi-annual certification audits by Lloyds. As a result, stringent systems, policies and procedures are strictly maintained. Below is a summary of our controls and activities related to security, privacy and confidentiality:
- Firewall rules follow the principle of least privilege (POLP)
- Protection against Trojans and viruses through anti-virus on servers and desktops, email gateways and internet filters
- Regular automated patching procedures to ensure that security updates are applied in a timely manner
- Regular penetration tests and scans to ensure that the network and systems are secure
- Data captured will continue to be stored in the Australian-based environment and preferably one belonging to the client
- Security event log files are centralised and regularly reviewed for suspicious activity
- Restricted web and email access (that is, work-related sites are whitelisted, and no email except corporate email, which is logged and monitored)
- Bring your own devices (BYOD) such as phones and tablets are restricted to break-out areas and are locked up during work hours
- A-grade CBD-based building with 24/7 security
- CCTV (entry/exit points and at sensitive areas)
- Alarm systems
- Photo ID access cards and appropriate biometric access controls in place for Malaysia, the Philippines and Vietnam
- Secure desktop policy (PCs locked when staff leave desk, clean desk policy)
- Visitor sign-in requirement and visitors escorted on premises
- Dedicated sensitive areas with restricted access
Human Resource Security
- Employer of choice, ensuring access to the best candidates who are highly skilled Australian, UK and US educated
- Minimum of two reference checks conducted for all new staff
- Background checks and police checks conducted
- Policy training during induction (for all staff) in relation to information security and the protection of confidential information
- Requirement for all staff to sign and be bound by confidentiality/non-disclosure agreements
- Effective management team and structure
- Ongoing development for all our staff including management
- Generous remuneration and benefits
- A culture that focuses on integrity – we will not tolerate a lapse in our values
- Locked down environment to prevent unauthorised removal or duplication of data
- Utilisation of thin clients, ensuring no offshore storage capability and no USB/FireWire or CD/DVD read/write (unless exempted for specific requirements)
- Access to external email and internet webmail is denied (unless exempted for specific requirements)
- No Printers – Dual screens used instead (unless exempted for specific requirements)