Security in Depth Data Recording and Storage Policy

---

 At Security in Depth, we are committed to maintaining the highest standards of data security and privacy. This policy outlines our procedures for recording and storing data related to Cyber Assurance Risk Rating (CARR) programs, cyber events, and forensic examinations. It ensures our compliance with Australian Privacy Laws, Victorian Laws, and ISO27001:2022 standards. 

 This policy applies to all Security in Depth employees involved in the recording, storing, and managing of data related to CARR programs, cyber events, and forensic examinations. 

• Recording Platforms: All CARR programs, cyber events, and forensic examinations are recorded using Microsoft TEAMS.
• Data Encryption: Recordings are encrypted at rest and in transit using BitLocker to ensure data security and integrity.

• Storage Location: All recordings are stored within Security in Depth’s Microsoft Data Centre, strictly confined to Australian data centres.
• Data Encryption: Recordings are encrypted both at rest and in transit using advanced encryption technologies.
• Access Control: Only authorized Security in Depth staff have access to recordings. Access is granted based on the principle of least privilege, with all access and actions logged and monitored.
• Backup: All systems are backed up on a segregated server in a separate data centre, utilizing advanced encryption technologies both in transit and at rest.

• Australian Privacy Laws and Victorian Laws: All recording, storing, and handling of data comply with Australian Privacy Principles (APPs) and Victorian privacy regulations.
• ISO27001:2022 Standards: All data security measures adhere to ISO27001:2022 standards, supported by a robust Information Security Management System (ISMS).

• Retention Period: Recordings are retained as required by legal and regulatory requirements or business needs.
• Data Disposal: Recordings are securely disposed of after the retention period, ensuring data is irrecoverable.

•  Incident Management: Any breaches or security incidents involving recordings are managed according to our incident response plan, ensuring prompt investigation and remediation. 

• Policy Review: This policy is reviewed annually or as needed to ensure its relevance and effectiveness, with updates reflecting changes in legal, regulatory, and business requirements.

By adhering to this policy, Security in Depth ensures the security and privacy of data, aligning with Australian laws and ISO27001:2022 standards.

 For any inquiries regarding this policy, please contact us at legal@securityindepth.com or call us at 1300 041 042.