About CT
Security and Governance
As an engineering led business, our executive team is the driving force behind our stringent security practices, continuously pushing us to further harden our systems, practices and processes and therefore, unlike most other organisations, our internal teams don’t have to fight for the investment in cyber security resilience.
Protected
We are passionate about ensuring that security is baked into our solution designs from the onset and when coupled with the security practices we employ internally, our customers benefit. The basis of our controls are derived from the Australian Cyber Security Centre Information Security Manual and are coupled with the following certifications and initiatives:
When we say protected, we mean PROTECTED. Our data hosting services are certified to the Protected level under the Federal Government’s Hosting Certification Framework.
As a member of the Defence Industry Security Program, we provide Security Cleared Personnel to a wide range of organisations. This means you get a higher level of security, no matter your industry.
We engage third party penetration testers to perform both internal and external penetration testing against our platforms and systems on an annual basis, and we combine this with weekly vulnerability scans which are performed by our team.
Security controls baked in
The security of our systems and operations are of paramount importance to us and therefore, we invest a significant amount of time and money into our cyber programs. The below initiatives and controls are just some of the security elements spanning our operations
- We target the ACSC Essential 8
- Maturity Level 3.
- Our users
- undergo regular cyber security awareness training.
- We are a Network Partner
- within the Australian Cyber Security Centre.
- We have over 400 security controls
- in place across our environment.
- We have active monitoring and response
- implemented across our environment.
- Our Security Controls and Frameworks
- are reviewed regularly and externally audited.
- We do not permit any third-party vendor to have unsupervised access
- to any of our systems.
- We have implemented a Supply Chain Risk Management Framework
- compliant with the ISO 31000 Risk Management Standard.
- We employ a dedicated Compliance Manager
- who is responsible for internally auditing our Information Management System and associated controls.
- We actively contribute threat intelligence data
- with other entities and utilise a wide array of third-party threat feeds in the protection of our systems and networks.
- Our Chief Technology Officer
- is responsible for our internal Cyber Security programs, maturity, continual improvement and ensuring we are meeting our internal and external security commitments.
- We uphold comprehensive cyber insurance coverage
- to fortify our defense against potential digital threats and ensure the resilience of our cybersecurity measures.
- We are a member of AusCERT.
- reinforcing our commitment to staying at the forefront of cybersecurity awareness and collaboration for the benefit of our stakeholders and the broader digital community.
- We operate under a Zero Trust architecture.
- exemplifying our unwavering dedication to ensuring the highest level of security by continuously scrutinising and validating every aspect of our digital environment.
- We have implemented an Insider Threat Program
- - a commitment to preemptively identify and mitigate potential internal risks, thereby fortifying the overall security posture of our organization.
- We ensure that you are protected at all times
- , employing state-of-the-art measures and vigilant monitoring to safeguard your security around the clock.
Risk Management Framework
As a risk adverse organisation, we maintain a stringent Risk Management Framework, compliant with ISO 31000 which is owned by our Executive Team and administered by our Compliance Manager. Our framework prioritises the removal of risks from our business and where this isn’t possible, mitigating these risks through the implementation of controls to reduce the probability of a risk occurring and/or the impact of the risk should it eventuate. We foster a risk adverse culture which translates to a thorough understanding of our obligations towards our customers, stakeholders and the communities in which we work, play and serve.
As risks are identified within our business, these are logged in our Risk Register with priority given to the mitigation and implementation of counter controls to manage the risk. Our Risk Register is reviewed on a monthly basis by our Chief Executive Officer and the wider Executive Team.
Get cyber secure
If you’d like to learn more about how we can keep you secure, or would like to report a cyber incident, get in touch.