Security Statement

Last Updated on 6 Jan 2026

How We Protect Our Clients' Data

At Cyber Matters, we recognise the significance of safeguarding your sensitive data and maintaining the trust and confidence of our clients and partners. In an ever-evolving digital landscape, information security is not just an essential aspect of our operations; it is an uncompromising value to which we are steadfastly committed.


Compliance Status


ISO 27001
Certification in Progress (June 2026 Completion)

ISO 42001
Certification in Progress (September 2026 Completion)

SOC 2
Type 2 Audit in Progress (June 2026 Completion)

CSA STAR
Level 1 Self-Attestation

ASD Essential 8
Maturity Level 3 Self-Assessment

Request Documentation

Access our security reports, including External Penetration Test reports, our CAIQ (Consensus Assessments Initiative Questionnaire), and Compliance Attestations.


Compliance Monitoring


App Security

Password Policy
Quarterly Vulnerability Scan
Responsible Disclosure (Bug Bounty)
Security Patches Automatically Applied
Security Policy
Security Training

Data Security

Annual Review of Purposes
Annual Risk Assessment
Anti-Malware Capabilities
Anti-Malware Scans of Media

Infrastructure Security

AI Risk Management Policy
AI Risk Tracking
AI System Opt-Out
Annual Incident Response Test
Annual Performance Evaluations

Subprocessors

Amazon Web Services
HubSpot
Google Workspace
Stripe
Atlassian
Ignition
Xero

Security & Privacy FAQs

How do you handle our sensitive project data?
We follow the principle of least privilege. Project data is restricted to only the consultants assigned to your engagement, and all data is purged from our active systems 30 days after the project's conclusion unless otherwise agreed.

Do you perform background checks on your consultants?
Yes. All Cyber Matters staff undergo rigorous background checks, including criminal history and reference checks. Consultants working on sensitive Australian projects often hold, or are eligible for, relevant security clearances.

How does Cyber Matters manage its own internal security?
We "drink our own champagne" by maintaining a strict internal security program. This includes mandatory Multi-Factor Authentication (MFA) on all accounts, encrypted endpoints, and continuous compliance monitoring via Drata.

What insurance coverage do you maintain?
Cyber Matters maintains comprehensive Professional Indemnity and Cyber Liability insurance to provide our clients with peace of mind regarding the advice and services we deliver.

How do you ensure the security of your subprocessors?
We conduct annual security assessments of all third-party vendors. We only partner with subprocessors who maintain recognised certifications such as SOC 2 Type 2 or ISO 27001.


Our Information Security Principles

Commitment to Privacy and Confidentiality

In accordance with the Australian Privacy Act 1988, including the Australian Privacy Principles, we are dedicated to ensuring the confidentiality and privacy of our clients’ data. Our policies, procedures, and technology are tailored to protect your information from unauthorised access and disclosure.

Integrity and Data Protection

Our systems and processes are designed to safeguard the accuracy and integrity of your data. We continually strive to ensure that information is available and usable when needed and that it is not altered except through authorised changes.

Resilience against Cyber Threats

Adhering to the Australian Cyber Security Centre (ACSC) guidelines, we have implemented robust cyber security measures to protect against potential threats and vulnerabilities.

Compliance with Regulations

We are committed to complying with Australian legal and regulatory requirements. This includes the Notifiable Data Breaches (NDB) scheme, which requires us to notify the Office of the Australian Information Commissioner (OAIC) and the individuals whose personal information is involved in a data breach that is likely to result in serious harm.

Continuous Improvement and Adaptation

In line with the fast-paced and evolving nature of cyber threats, we actively engage in regular reviews and updates of our security practices. Our proactive approach ensures that we remain at the forefront of security compliance and risk management.

Education and Awareness

We believe that security is everyone’s responsibility. We invest in continuous education and awareness programmes for our staff to ensure they are well-equipped to identify and mitigate potential security risks.

Incident Response and Management

We have implemented a comprehensive incident response and management strategy to promptly and effectively address any security breaches or incidents. This involves identifying, managing, and mitigating risks in compliance with the Australian Standard AS/NZS ISO/IEC 27035:2011 for information security incident management.

Transparent Communication

We foster open communication with our clients regarding our security practices. Our commitment to transparency helps in building and maintaining trust, and we are here to assist you with any queries or concerns regarding data security.

Check back for changes.
We update our policies regularly.

If you have a query about our policies or practices, please contact us on hello@cybermatters.com.au