top of page
The Value Learning Logo in deep green and black

Data and Internet Security Statement

In order to maintain the security of our systems, software and hardware we will:

 

  • Keep operating systems updated with latest security patches, auto updates recommended.

  • Use security suite anti-virus software and keep it updated, schedule regular scans. Software should include malware removal. Auto updates required.

  • Secure private Wi-Fi network with passwords, and do not use default provided by network.

  • Use strong passwords, use password manager, LastPass, to ensure that all passwords are at least 10 digits and combine random strings of upper and lower-case letters, numbers, and symbols. Exceptions only when specific password rules exclude this rule.

  • Use different passwords on different accounts. There should be no passwords which are the same. Any joint accounts should have the passwords shared through last pass only, for example- Canva.

  • Check device settings and management tools to ensure that old passwords are not stored on individual computers or mobile devices.

  • Enable Multi-Factor Authentication wherever possible and especially with sensitive information including with Google Drive, financial accounts, mobile devices.

  • Close all accounts which are unused. That reduces your vulnerability to a security breach.

  • Change passwords at least annually. Regular password changes reduce the risk from unannounced data breaches.

  • When changing computers, wipe the old hard drive properly. Use a data destruction program to wipe the drive completely, overwriting all the data on the disk.

  • Back up files. Use a separate backup on a removable drive, alternate cloud storage, ensuring data is safe in the event of a breach.

  • Secure phone. Use a screen lock and update phone's software regularly.

  • Exercise caution when clicking on links and providing personal identifying information.

  • Unsolicited emails may link to websites may be phishing attempts. Use the anti-virus program to scan attachments. Contact companies directly if suspicious of email or attachment.

  • When accessing your accounts, make sure to use the secure HTTPS protocol and not just HTTP.

  • Be careful when sharing personal information and don't give it out unless necessary.

Secure Access Control

All data should be shared on a need to use basis, the principle of least privilege. Client data should only be shared when necessary and to team members who have secure technology systems.

The Directors of Value Learning

  • have access to all data and have owner and administrator rights to software, cloud storage, platforms, and applications.  provide access to files as required by others and ensure access is revoked at the end of an employment term, project or contract.

  • delete data files on completion of projects when requested or in contract. 

  • review cyber security requirements, policies and actions on at least an annual basis and ensure systems are working and update where required.

​

Project coordinators and employees

  • have access to files and data as required to complete their responsibilities.

  • agree to delete files and information at the end of the project or when their contract is

  • finished.

  • agree to comply with all security, privacy and intellectual property requirements as part of their position.

​

Social Media and other Communication
Directors, contractors and staff agree to represent the values, integrity and security of Value Learning when communicating in public. This can be in person, on social media, by email, on behalf of the organisation or as an individual.    

Cyber Incident Response

Value Learning has internet security systems in place and strong processes for protection of systems and data. However, at the point of recognising there has been any incident or breach related to security or data storage we will act quickly in order to return business to normal as soon as possible and safeguard systems and information.

  • Isolate the system

  • Immediately change passwords

  • Ensure the security of information in back up

  • Notify individuals who have been impacted

  • Seek advice from internet security providers as to the likely impact.

  • Evaluate the incident and update procedures and training if required.

  • Continue to monitor systems when they return to normal.

  • It is possible financial records or identity information could be compromised, advise financial institutions including the taxation or other government agencies if relevant, and put stop on accounts where necessary.

​

In some cases, breaches should be reported to the Office of The Australian Information Commission (OAIC). An eligible data breach occurs when there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an organisation holds and this is likely to result in serious harm to one or more individuals.

Training

All directors, staff, contractors and interns should read these guidelines prior to commencement and review the small business Cyber Security Guide at Cyber.gov.au. Regular reminders will be made on the importance of cyber security.

Value Learning Security Statement. This statement was updated in September 2022 and will be reviewed at least every year to ensure it remains up to date.

Although it is impossible to guarantee no security or data breach will occur at any time, Value Learning is committed to securing our IT systems and data to protect our client information, our business data and our financial and other records. We will ensure we adhere to good security habits and regularly monitor our systems.

 

Directors and staff must ensure their cyber systems and devices are secure and should adhere to these guidelines. All new team members on specific projects or working directly for Value Learning will complete the initial security training requirements and agree to maintain effective security systems and agree to these requirements.

bottom of page