Information/Data Security Policy

Certification Oceania shall:

  1. show commitment to security at all levels of the organisation, with overall responsibility for security assigned;

  2. maintain an adequate level of security/data protection and privacy for the protection of client information;

  3. ensure that where there are security and privacy requirements as part of contractual agreements, laws and regulations, the strictest requirements shall be implemented;

  4. ensure that all Certification Oceania personnel and Certification Oceania contractors are made aware of the meaning of security, the importance of complying with this policy and their personal responsibilities for security, including reporting any witnessed or suspected security incident;

  5. in a timely manner, report all security incidents to the client, including, but not limited to, information or systems used for collection, use and internal handling of client information;

  6. conduct internal security audits at least annually and evaluate findings for possible corrective actions;

  7. have a documented security incident management process to detect and handle security incidents, in accordance with Certification Oceania’s Data Breach policy and procedures;

  8. ensure that access to client information is restricted to Certification Oceania personnel, authorised contracted assessors and accreditation bodies.



Last updated: 9 December 2020

© Certification Oceania Pty Ltd. All rights reserved. No part of this document may be reproduced, copied, stored in a retrieval system, distributed or transmitted in any form or by any means, including photocopying, scanning or other mechanical or electronic methods without the prior written permission of the copyright holder.