Security Statement

Information Security Management System Documentation

Document Version
2025.1
Effective Date
September 2025
Review Cycle
Annual
Classification
Public
Organisation: Precision IT Pty Ltd (ABN: 17 131 383 456)

1. Executive Summary

Precision IT Pty Ltd maintains a comprehensive Information Security Management System (ISMS) aligned with ISO/IEC 27001:2022 standards. This Security Statement documents our commitment to protecting information assets, maintaining business continuity, and ensuring regulatory compliance for our organisation and client base.

Our security framework encompasses administrative, technical, and physical controls designed to protect the confidentiality, integrity, and availability of information systems and data. This statement serves as a public declaration of our security posture and compliance obligations.

Scope: This statement applies to all Precision IT operations, including managed services delivery, cloud infrastructure management, cybersecurity services, and corporate functions affecting information security.

2. Information Security Policy Statement

Precision IT is committed to maintaining the highest standards of information security to protect our clients, employees, and business operations. Our Information Security Policy establishes the framework for:

  • Protecting information assets from unauthorised access, disclosure, modification, or destruction
  • Ensuring business continuity and minimising operational disruption
  • Maintaining compliance with applicable laws, regulations, and contractual obligations
  • Continuously improving our security posture through regular assessment and enhancement
  • Fostering a culture of security awareness throughout the organisation

Policy Authority: This policy is approved by senior management and applies to all employees, contractors, third-party service providers, and business partners with access to Precision IT information systems.

3. Compliance Framework & Certifications

Precision IT maintains compliance with multiple international and Australian security frameworks, standards, and regulations. Our compliance program ensures continuous adherence to best practices and regulatory requirements.

Primary Certifications

  • ISO/IEC 27001:2022 - Information Security Management System
    Certificate Number: [Certificate Number]
  • Microsoft Solutions Partner - Advanced Specialisations
    Security, Modern Work, Infrastructure

Australian Compliance

  • Essential 8 - ACSC Cybersecurity Framework
    Maturity Level 3 implementation
  • Privacy Act 1988 - Australian Privacy Principles
    Full compliance with APPs
  • Notifiable Data Breaches - Data breach response
    OAIC compliant procedures

4. Security Controls & Technical Measures

Our Information Security Management System implements comprehensive controls across administrative, technical, and physical domains. These controls are regularly reviewed and updated to address emerging threats and maintain compliance.

Administrative Controls

  • Information Security Policy & Procedures
  • Security Awareness Training Programme
  • Access Control & User Management
  • Incident Response & Business Continuity
  • Vendor & Third-Party Risk Management
  • Regular Security Assessments & Audits

Technical Controls

  • Multi-Factor Authentication (MFA)
  • Endpoint Detection & Response (EDR)
  • Security Information and Event Management (SIEM)
  • Network Segmentation & Monitoring
  • Data Encryption (in-transit & at-rest)
  • Vulnerability Management & Patching

Physical Controls

  • Secure Data Centre Facilities
  • Access Control Systems & CCTV
  • Environmental Monitoring
  • Asset Management & Tracking
  • Secure Disposal & Media Sanitisation
  • Business Continuity & Disaster Recovery

Essential 8 Implementation Status

  • Application Whitelisting: Maturity Level 3
  • Patch Applications: Maturity Level 3
  • Configure Microsoft Office Macro Settings: Maturity Level 3
  • User Application Hardening: Maturity Level 3
  • Restrict Administrative Privileges: Maturity Level 3
  • Patch Operating Systems: Maturity Level 3
  • Multi-factor Authentication: Maturity Level 3
  • Regular Backups: Maturity Level 3

5. Risk Management & Business Continuity

Precision IT maintains a comprehensive risk management framework that identifies, assesses, and mitigates information security risks. Our approach ensures business continuity and minimises the impact of security incidents.

Risk Assessment Process

  1. Asset Identification
     Comprehensive inventory of information assets and systems
  2. Threat & Vulnerability Analysis
     Regular assessment of security threats and system vulnerabilities
  3. Impact & Likelihood Evaluation
     Quantitative and qualitative risk assessment methodology
  4. Risk Treatment Planning
     Development of risk mitigation strategies and controls

Business Continuity Measures

  • Disaster Recovery Planning
    Comprehensive DR procedures with defined RTOs and RPOs
  • Backup & Recovery Systems
    Automated backups with regular recovery testing
  • Incident Response Team
    24/7 security incident response capability
  • Crisis Communication
    Established procedures for stakeholder notification

6. Email Marketing & Newsletter Security

Precision IT maintains secure practices for email marketing and newsletter communications, ensuring subscriber data protection and compliance with Australian marketing regulations.

6.1 Email Platform Security

We use Mailchimp as our email marketing platform, which maintains industry-standard security certifications including:

  • SOC 2 Type II certification for security, availability, and confidentiality
  • ISO 27001 certified information security management
  • PCI DSS compliance for payment card data protection
  • 256-bit TLS encryption for all data transmissions

6.2 Subscriber Data Protection

Data Collected

  • Email addresses
  • Names (when provided)
  • Company information
  • Subscription preferences
  • Engagement metrics

Security Measures

  • Encrypted storage at rest
  • Secure API authentication
  • Access control and audit logs
  • Regular security assessments
  • Data retention policies

6.3 Compliance & Best Practices

  • Spam Act 2003 Compliance: All marketing emails include clear identification, unsubscribe mechanisms, and are sent only to opted-in subscribers
  • Data Minimisation: We collect only the essential information required for newsletter delivery and service communications
  • Access Controls: Access to newsletter subscriber data is restricted to authorised marketing personnel only
  • Cross-Border Data: Subscriber data may be processed in the United States under appropriate security safeguards

Subscriber Rights

Newsletter subscribers maintain full control over their data and can:

  • Unsubscribe at any time via email links
  • Request data deletion or modification
  • Update communication preferences
  • Access their stored information upon request

7. Monitoring, Measurement & Review

Our Information Security Management System undergoes continuous monitoring and regular review to ensure effectiveness and continuous improvement. We maintain comprehensive metrics and reporting mechanisms to track security performance.

Security Metrics

  • Security incident frequency and severity
  • Vulnerability assessment results
  • Compliance audit findings
  • Security awareness training completion
  • System availability and performance

Review Activities

  • Monthly security committee meetings
  • Quarterly risk assessments
  • Annual management reviews
  • External security audits
  • Penetration testing programmes

Improvement Process

  • Corrective action planning
  • Preventive measure implementation
  • Security control enhancement
  • Policy and procedure updates
  • Technology upgrade planning

8. Contact Information & Documentation Requests

For questions about this Security Statement, detailed security documentation, or compliance-related inquiries, please contact our Information Security team.

Information Security Officer
security@precisionit.com.au
Security Hotline
1300 964 404
Head Office
Office 437/34-36 Glenferrie Drive, Robina, QLD 4226

Available Documentation

  • ISO 27001 Certificate
    Current certification documentation
  • Essential 8 Assessment
    Maturity level documentation
  • Security Questionnaires
    Vendor assessment responses

This Security Statement is a public document that provides an overview of Precision IT's Information Security Management System. Detailed security policies, procedures, and technical specifications are available to authorised parties under appropriate confidentiality agreements.

Document Classification: Public | Version: 2025.1 | Effective Date: September 2025 | Next Review: September 2026
