PROTECTION & SECURITY
EXECUTIVE SUMMARY


The following is a summary of our approach to protecting your organisation's information.

ibCom has an Information Security Management System (ISMS) which covers managing the confidentiality, integrity and availability of information managed on its entityOS.cloud service.

The ibCom ISMS is compliant with ISO27001/17 and externally audited/certified.

IBCOM'S INFORMATION SECURITY POLICY

Management has committed to the integration of information security into all areas of the business, to the level of globally acceptable standards. 

We are committed to the care of our information security assets in terms of their integrity, confidentiality and availability. Our aim is also to permanently maintain the level of information security we have achieved, along with continual improvement.

Our information security commitment is to all areas of the business, including but not limited to: business operations, cloud-based SaaS product development, business and system architecture, operating model, HR policies, IT security policies, employment agreements, systems and cloud security, director policy for role-based security and administrative privileges, cloud service provider internal compliance and certifications, client/user engagement, project and software lifecycles & governance.

An Information Security Management Reference (ISMS)* reference document has been created to define the purpose, scope, direction, principles and basic rules for our information security. The ISMS is available for review by all ibCom employees and any interested parties.

The confidentiality, integrity, protection and availability of ibCom’s information assets should always be preserved, whatever the form of the information and however it is shared, utilised, communicated or stored.

The ISMS is based on the ISO 27001, 27017 Information Security standards.

Mark Byers
CEO, ibCom Pty Ltd

ISMS Reference Overview

KEY ITEMS RELATING TO MYDIGITALSTRUCTURE.CLOUD
Risk Management

  • We are constantly managing risks in relation to information security, as it is core to the value of business to our customers and shareholders.

  • We have established risk management controls for all risks identified, as per our compliance with the ISO27001 & ISO27017 standards.
Notifications
  • Within our ISMS we have an incident management process which includes notification to all our customers if there is any breach with regard to the confidentiality, integrity or availability of any of our customers' information, or a significant change to our operations resulting in a significant change to our risks.

  • Incidents can be viewed on our public webpage @
    docs.mydigitalstructure.cloud/incidents
Testing
  • The testing of our services is core to our operations, and we rely on our own automated testing service, which runs constantly, as described @
    docs.mydigitalstructure.cloud/protect_testing

  • The evidence of this automated testing service forms part of our external audit to ISO27001/17.
Intellectual Property Protection
  • All data that is stored within your space is your property and is not shared in any form.

  • Any information we learn about your organisation while interacting with your organisation is not shared.
Staying Current
  • We are constantly reviewing our ISMS and associated controls as per our ISMS via periodic management and technical reviews - evidence of which forms part of our external audit to ISO27001/17.

  • Reviews include feedback from our automated testing.

  • Infrastructure is being constantly updated to deal with current threats and the Web Access Firewall uses the latest Control Sets to stay current.

  • We subscribe to daily update email services like Cyber Daily.
Planning
  • All planning is driven by our ISMS.

  • Our key stakeholders update/AGM ("roadmap") is driven by our information security reviews.
Your Responsibilities
  • Manage access by your users, using user roles covering functional and data access, and authentication levels, i.e. 2nd factor.

  • Test your app to ensure it meets your security requirements as a "client/agent" running outside of the mydigitalstructure.cloud service.
SOME SPECIFICS
Data Location
  • ibCom manages its infrastructure services using Amazon Web Services exclusively.

  • All data is hosted within Australia by default.
Continuity
  • Continuity services are built into mydigitalstructure.cloud. You can use these services as part of your organisation's business continuity plan.

  • All user actions that change the state of your data are logged within your space - this log data is available via standard mydigitalstructure.cloud methods - technical details @
    docs.mydigitalstructure.cloud/gettingstarted_continuity
Access To Your Data
  • Access to all user data and related infrastructure services is as per our ISO27001 externally certified Information Security Management System.

  • Access is limited to long-term employees.

  • User access is via named user accounts with MFA-TOTP authentication using AWS IAM.

  • All access is logged and monitored.
 