Information Brokers Pty Ltd (Information Brokers) commits to its customers that it will conduct certain objectives in relation to the services provided. These commitments are documented and reviewed by management to ensure that the operations, reporting, and compliance objectives are aligned with the company’s mission to maintain Information Security. Information Brokers is committed to continual improvement of our Information Security Management System. This is recorded through various polices, procedures, security documents and a terms of service that are available to customers via Information Brokers’ public-facing website.
Specific security, availability, and confidentiality commitments include the following:
- Maintain technical and organizational measures, internal controls, and data security routines to protect customer data
- Protection of data at rest and in transit
- Protection of information systems from unauthorised access, use, modification, disclosure, destruction, threats, or hazards
- Continuous communication of the Information Brokers’ service availability
- Ability to recover and restore customer data in the event of a business disruption or disaster
- Maintain customer data as confidential and not disclose information to any unauthorised party
- Customer data is retained for a period of five years, following the termination of the customer agreement and then removed from Information Brokers’ systems
Information Brokers has also established system requirements that support the achievement of the Information Security Policy relevant to the security, availability, and confidentiality trust services categories and relevant laws and regulations. These requirements are communicated internally via the information security policies and procedures and regular security awareness training documentation, and externally via Information Brokers’ public-facing website.
These requirements include, but are not limited to, defined processes around the following:
- Employees undergo background checks prior to employment and renewed at least every 3 years
- Employees undergo security awareness training upon hire, and annually thereafter
- Roles and responsibilities for Information Brokers employees who have access to confidential data and the responsibility for protecting the information and information systems
- Access control policies for employees with access to Information Brokers’ production environment and source code such that access levels are approved prior to credentials being issued, reviewed at predefined intervals, and based on legitimate business need based on the principle of least privilege
- Software development lifecycle (SDLC) policies for any changes to the production environment to ensure that key processes and security checks are consistently performed from change initiation through release
- Risk assessment practices to assist in identifying and managing potential internal or external risks that could negatively affect Information Brokers’ critical business processes and our ability to provide reliable services to our customers
- Incident management processes to address data breaches and security events related to Information Brokers’ products and services in an efficient and timely manner
- Disaster recovery and business continuity plans to prepare Information Brokers in the event of extended service outages caused by factors beyond our control and to restore services to the widest extent possible in a minimal timeframe
Information security policies define an organization-wide approach to how systems and data are protected. These include policies around how the service is designed and developed; how the system is operated; how the internal business systems and networks are managed; and how employees are hired, trained, and managed.
In addition to these policies, standard operating procedures have been documented on how to carry out specific manual and automated processes required in the operation and development of Information Brokers systems.
Rod Keys
Chief Executive Officer
View PDF Copy
Version 1.2
Last Reviewed: January 2026
