SolidCo Pty Ltd
ABN 41 680 244 446
Information Security Statement
Version 1.0
1. Our Commitment
SolidCo Pty Ltd (“SolidCo”, “we”, “our” or “us”) takes the security of personal information and client data seriously. We maintain appropriate technical and organisational measures designed to protect data against unauthorised access, disclosure, alteration and loss. This statement provides an overview of those measures. It is not exhaustive and may evolve as our services and the threat landscape change.
2. Governance
Security is managed as part of our day-to-day operations. We aim to apply recognised good practice, keep our policies current, and assign clear responsibility for security matters within the business.
3. Encryption
- Data transmitted between users and our services is protected using encryption in transit (HTTPS/TLS).
- Data at rest is encrypted where supported by the underlying platform or where otherwise appropriate.
4. Access Control & Authentication
- Access to systems and data is granted on a least-privilege, need-to-know basis.
- Multi-factor authentication (MFA) is used for administrative and sensitive systems where available.
- Role-based access controls restrict access to production systems and client data.
- Access is reviewed periodically and revoked promptly when no longer required.
5. Infrastructure & Hosting
We host services with reputable cloud infrastructure and security providers that maintain robust physical and environmental security and recognised industry certifications. Our current providers are listed in our Subprocessor Policy.
6. Network & Application Security
- Edge security, firewalls and a Web Application Firewall (WAF) help protect against common threats.
- We follow secure development practices and apply security considerations throughout the development lifecycle.
- Where appropriate, we separate environments (for example development, staging and production).
7. Monitoring & Logging
Relevant systems generate logs to support monitoring, troubleshooting and the detection of suspicious activity. Logs are retained for a reasonable period in line with operational needs.
8. Vulnerability & Patch Management
We keep software and dependencies up to date and apply security patches in a timely, risk-based manner. We monitor for known vulnerabilities affecting the technologies we use.
9. Backups & Continuity
- Backups are performed for key systems and data to support recovery.
- We maintain business continuity and disaster recovery processes proportionate to the services we provide.
10. Incident Response
We maintain procedures to identify, contain, assess and respond to security incidents and personal data breaches. Where a breach affects client personal data, we will notify affected clients in line with our obligations. Further detail is set out in our Compliance & Data page.
11. Personnel Security
Our personnel are subject to confidentiality obligations and receive guidance on handling data securely. Access to data is limited to those who need it to perform their role.
12. Subprocessor Security
We perform reasonable due diligence on subprocessors and require them to maintain appropriate security measures. Each subprocessor remains independently responsible for the security of its own systems. See our Subprocessor Policy for more information.
13. Responsible Disclosure
If you believe you have found a security vulnerability affecting SolidCo or a service we operate, please contact us so we can investigate. We appreciate responsible disclosure and will work to address confirmed issues promptly.
14. Contact
Privacy Officer
SolidCo Pty Ltd
ABN 41 680 244 446