Cyber and Information Security
At Infomedia, security is our top priority and we are committed to fostering a strong culture of security.
SOC 2 Type II
ISO 27001:2022
NIST framework
PCI DSS(SimplePart only)
Our Approach to Security and Data Protection
Maintaining customer trust is at the core of everything we do at Infomedia. Our customers rely on us to safeguard their confidential data and we take that responsibility seriously.
Every part of our organisation, from our culture and governance practices to our global infrastructure and operational processes, is designed to deliver a secure and resilient SaaS and DaaS environment.
Infomedia’s platforms and security frameworks are built to meet regulatory requirements and customer security requirements. We are committed to protecting our customers’ data, and helping streamline your audit and assurance processes.
Governance, Risk and Compliance
Our Governance, Risk and Compliance framework ensures cyber security is fully aligned with organisational goals and embedded across all teams. We establish clear, actionable policies and promote consistent adoption of security best practices to strengthen accountability and resilience.
Through structured risk management, we proactively identify, assess, and mitigate security risks, including third-party risks, while maintaining the agility to respond to emerging threats. Our comprehensive risk assessment processes support informed decision-making and continuous improvement.
We maintain strong compliance with global and local standards such as SOC 2, ISO 27001, the Privacy Act 1988 (Cth), and GDPR. This commitment reduces regulatory risk while enhancing trust, credibility, and confidence among customers and stakeholders.
Cloud & Infrastructure Security
Our Cloud and Infrastructure Security approach begins with strong identification capabilities, ensuring comprehensive visibility across all cloud and infrastructure assets. We accurately identify vulnerabilities and security gaps, providing a clear understanding of risk exposure across environments.
We implement robust protection mechanisms, including strong identity and access management controls and secure configuration standards, to safeguard systems and data. Continuous monitoring and enhanced detection capabilities enable early identification of threats, supported by effective system oversight and integrated threat intelligence.
In the event of an incident, we enable rapid and coordinated response through clear protocols and strong cross team collaboration. Our recovery capabilities focus on building resilient cloud and infrastructure environments that can restore operations quickly, minimise downtime and data loss, and continuously improve through lessons learned.
Data Security
Our Data Security framework begins with strong data handling practices, including data classification and clear lifecycle management processes. By defining how data is created, stored, used, shared, and disposed of, we promote responsible handling and reduce the risk of misuse or exposure.
We implement robust data protection measures supported by continuous monitoring to proactively prevent data breaches. Enhanced visibility into data usage and movement allows us to detect anomalies, enforce controls, and safeguard sensitive information across the organisation.
Our backup strategy ensures reliable and secure data recovery processes that maintain availability and integrity. In the event of an incident, data can be restored quickly to minimise downtime and business impact, while maintaining compliance with regulatory requirements for data retention and secure destruction.
People Training and Security Culture
Our People Training and Security Culture program promotes a strong security mindset across the organisation. We deliver comprehensive cyber security awareness and training programs tailored to different roles, ensuring employees understand their responsibilities and are equipped to act securely in their day-to-day activities. This fosters a proactive culture where security is seen as a shared responsibility.
Through regular exercises, including senior management tabletop simulations and phishing campaigns, we strengthen preparedness and improve incident response capabilities at all levels. These activities enhance employee resilience to social engineering threats and ensure leadership is ready to respond effectively during cyber incidents.
We also leverage data-driven cyber metrics to measure and improve employee security performance. By continuously monitoring key indicators and providing targeted feedback, we reduce risky behaviours and drive ongoing improvement in our overall security culture.
Additional information about Infomedia’s security practices, compliance certifications and other assurance resources can be accessed through the Trust Centre by submitting a request.