Data Security Policy

Last updated: 26th August 2024

Our
security
committment

Our values underpin who we are and what we do.

At Futureproof Consulting we are committed to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets to ensure that regulatory, operational, and contractual requirements are fulfilled. Please read our data security policy below carefully.

1. INTRODUCTION

As a consultancy firm dedicated to developing and implementing sustainability and ESG strategies, Futureproof manages a large number of confidential documents.
At Futureproof we are committed to safeguarding the confidentiality, integrity, and availability of all physical and electronic information assets to ensure that regulatory, operational, and contractual requirements are fulfilled.

The information we collect through our website and during the development of our projects is used to enhance the services we provide to you. We are committed to respecting the privacy and confidentiality of the information you share with us, aligned with the Australian Privacy Principles. This policy outlines the security measures implemented to protect client data and ensure ethical management of all information.

2. SCOPE

This policy applies to all employees, contractors, partners, and any other parties who have access to Futureproof’s information systems and confidential client data.

3. OBJECTIVES

  • To protect client information and intellectual property from unauthorised access, disclosure, alteration, or destruction.
  • To ensure compliance with applicable legal, regulatory, and contractual obligations.
  • To maintain a high level of trust with our clients by ensuring the ethical management of their data.

4. INFORMATION SECURITY PRINCIPLES 

  • Confidentiality: Information will be accessible only to those authorised to have access.
  • Integrity: Safeguarding the accuracy and completeness of information and processing methods.
  • Availability: Ensuring that authorised users have access to information and associated assets when required.

5. ACCESS CONTROL

  • The information submitted by visitors through our website’s contact form will be accessed and used strictly in accordance with the preferences specified by the visitor on the form
  • Access to client information will be restricted to authorised project participants according to their role and responsibilities stipulated on the project plan

6. DATA HANDLING

  • Confidential information must not be shared without appropriate authorisation.
  • Physical documents containing confidential information should be stored in locked cabinets or secure areas, and shredded when no longer needed.

7. DATA RETENTION AND DISPOSAL

  • Client data will be securely stored for a period of five years, beginning from the date of contract signing, in alignment with industry best practices and regulatory requirements.
  • After the five-year retention period, the data will either be securely deleted or destroyed, unless required by law to be retained for a longer period.

8. INCIDENT MANAGEMENT

  • All security incidents, including breaches of confidentiality, must be reported immediately to the Managing Director, who will lead the incident management and notify the parties affected.
  • An incident response plan will be in place to handle security incidents promptly and effectively.

9. EMPLOYEE TRAINING

  • All employees and contractors will be briefed on our Information Security Policy and our data management system.
  • Employees are required to acknowledge their understanding of and compliance with the Information Security Policy.

10. MONITORING REVIEW

  • The Information Security Policy will be reviewed annually or as required to ensure it remains appropriate and effective.
  • Compliance with the policy will be monitored regularly through audits and assessments.

11. CLIENT ASSURANCE

Futureproof is dedicated to managing client data to the highest ethical standards. Our commitment to information security ensures that our clients can trust us with their sensitive information, knowing that we adhere to strict protocols to protect it.