This Security Policy outlines the measures and procedures implemented by ePractice Technologies (“the Company”) to ensure the security of its website and application (“the Service”) and the protection of sensitive information. The Company is committed to maintaining the highest standards of security to safeguard the confidentiality, integrity, and availability of data.
This policy applies to all employees, contractors, and third-party service providers who have access to the Company’s website or are involved in the management and maintenance of the website.
Access Control: Access to sensitive data is restricted on a need-to-know basis. User access privileges are assigned based on roles and responsibilities. Two-factor authentication is enforced for administrative access.
Data Encryption: All sensitive data transmitted between the user’s browser and the Company’s servers is encrypted using industry-standard encryption protocols such as TLS (Transport Layer Security).
Firewall Protection: A firewall is deployed to monitor and control incoming and outgoing network traffic to prevent unauthorized access to the website and protect against cyber threats.
Regular Software Updates: All software, including operating systems, web servers, and applications, are regularly updated with the latest security patches to mitigate vulnerabilities.
Secure Coding Practices: Developers follow secure coding practices to prevent common security vulnerabilities such as SQL injection, cross-site scripting (XSS), and insecure direct object references.
Data Backup and Recovery: Regular backups of website data are performed to ensure data integrity and availability. Backup copies are stored securely and tested periodically for recovery readiness.
Incident Response Plan: An incident response plan is in place to promptly detect, respond to, and mitigate security incidents. All security incidents are documented, investigated, and reported as per regulatory requirements.
Employee Training: Employees undergo regular security awareness training to educate them about potential security threats, best practices, and their roles in maintaining website security.
Third-party Security Assessment: Third-party security assessments and audits are conducted periodically to identify and address security vulnerabilities and ensure compliance with industry standards and regulations.
The Company complies with relevant Australian laws and regulations, including but not limited to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), to protect the privacy and security of personal information collected through the website.
This Security Policy is subject to periodic review and revision to ensure its effectiveness and alignment with evolving security threats, technologies, and regulatory requirements. Updates to the policy will be communicated to all relevant stakeholders.
Failure to comply with this Security Policy may result in disciplinary action, up to and including termination of employment or contract, and legal consequences as per applicable laws and contractual agreements.
For any questions or concerns regarding website security or this Security Policy, please contact:
ePractice Technologies Pty Ltd.,
20.1, Level 20, 68 Pitt Street, Sydney NSW 2000 Australia
This Security Policy may be updated from time to time to reflect changes in our security practices or regulatory requirements. Any updates will be communicated to users via our website or other appropriate channels.
