SafetySuite provides WH&S business processes to its customers that by its very nature requires the processing and storage of sensitive information. C-Net Pty Ltd is committed to protecting the information of its customers and preventing unauthorized disclosure, use, modification, or access to such information stored within SafetySuite.
We recognize the importance of appropriate information security policies and procedures to protect the security of customer data. This document summarises the controls embodied in the program, including some specific information concerning encryption, access control, and authentication.
SafetySuite protects customer information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction by employing industry standard. C-Net Pty Ltd operates in a manner specifically designed to maintain reasonable and appropriate administrative, physical, and technical safeguards to:
- Provide assurances of the integrity and confidentiality of customer information,
- Protect against any reasonably anticipated threats or hazards to the security or integrity of customer information, and unauthorized uses or disclosures of customer information,
- Maintain compliance with the legal framework of requirements for the privacy and security of customer information.
SafetySuite maintains reasonable and appropriate access control and authentication safeguards to control access to customer information. Users are authenticated by the procedures and technical mechanisms required of the customer implementation.
SafetySuite services permit customers to control access to customer information by its users. Data in SafetySuite is protected by role based permissions that can be set on a user-by-user basis. Our services have built-in integration with SAML-based SaaS Single Sign On (SSO) services, and support MFA, Active Directory, Federated Access Controls and other required processes.
SafetySuite’s most important concern is the protection and reliability of customer data. Our servers are protected by modern firewall systems and our administrators scan the environment regularly to ensure that any vulnerabilities are quickly found and patched.
Our systems undergo application penetration tests twice a year by an independent third-party and any feedback or issues from those audits are quickly adopted into the environment. All services have quick failover points and redundant hardware, with backups performed daily to alternate locations.
Access to our application systems is restricted to specific individuals who are required to administer the system, and customer databases are not accessed by our team unless specifically required to as part of a support (ticketed) process. Access to customer systems is monitored and audited for compliance.
Data in transit
SafetySuite uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data and have processes in place to support AES-256 symmetric key encryption. Our services are hosted by trusted data centres that are independently audited.
Hosting & Data Centres
SafetySuite currently uses an industry-leading third-party hosting and colocation facility as providers of storage and platform services. Our hosting and colocation providers have been certified as meeting the requirements under the following programs:
- ISO 27001
- SOC 1 Type II
- SOC 2 Type II
- ISO 14001:2015.
C-Net Pty Ltd trains its employees and resellers/partners to understand and comply with the security processes in place to protect customer data. All employees undergo security background checks.
C-Net Pty Ltd regularly assesses threats to confidentiality, integrity, and availability of customer information; managing such risks by implementing safeguards that are reasonable and appropriate.
C-Net Pty Ltd has designated a single individual to be the primary coordinator of, and accountable for, information security within the company.
Contact Information and Resolving Disputes
If you would like to discuss this security statement or provide us with feedback, questions, or concerns about our security statement, please contact us by email at email@example.com. You may also write to us at:
C-Net Pty Ltd.
Level 4, 152 Elizabeth Street.
If you have a complaint about our customer information security practices, you may submit a complaint to us at the above contact information. Our security and compliance team will investigate your complaint and provide a response. You will need to provide sufficient information for us to evaluate your complaint and we may ask you to provide additional information as a condition of evaluation.