When it comes to our internal systems, Greenlight is committed to following the best practices as outlined by the Australian Cyber Security Centre (ACSC) guidelines for Managed Services Providers. Our core values are to practice ourselves whatever we preach to our customers. We do this so that we can provide world class security to our customers and ensure that your data is safe with us. This means that as a company our goal is to:
1. Prioritise cyber security in everything we do
- Implement security measures during all stages of ICT system and network development, deployment, and maintenance.
- After implementing recommended risk mitigations, review and accept residual cyber security risks before authorising systems and networks to operate in production environments.
- All changes to ICT systems and networks are recorded, reviewed, and approved before implementation.
- Cyber security is a core requirement for procuring software, hardware, and services, including cloud services from our vendors.
- Implement the ACSC’s Essential Eight mitigation strategies.
2. Protect the confidentiality, integrity, and availability of our data, and our customers’ data
- Perform daily backups of important data.
- Store backups for at least 3 months for internal data.
- Conduct partial recovery tests of backups annually or more frequently.
- Implement and test our business continuity plan, and disaster recovery plan.
3. Educate our staff about cyber security
- Provide contemporary cyber security awareness training to new staff at induction.
- Provide monthly cyber security awareness training to all staff.
4. Act ethically and responsibly with our customers’ data and cyber security
- Segregate customer networks logically and physically from each other and from our internal networks.
- Implement multi-factor authentication wherever possible.
- Have upfront and transparent cyber security conversations with customers.
- Apply security patches and mitigate vulnerabilities within ACSC’s recommended timeframes.
- Report all confirmed cyber security incidents and data breaches to impacted customers and the ACSC within 48 hours.
- Report all data breaches that are likely to result in serious harm to individuals as soon as practicable to the Office of the Australian Information Commissioner.
5. Be prepared for cyber security incidents
- Have an Incident Response Plan and exercise it.
- Log security events to a secure centralised logging solution.
- Retain event logs and review logs daily for unusual activity.
- Train our staff on how to respond to a cyber security incident.
6. regularly review and improve our cyber security
- Regularly assess the cyber security of ICT systems and networks.
- Continually monitor cyber security risks and posture.