Our Approach
Our approach integrates secure system design, controlled access, monitoring, and risk management across the full lifecycle of our platform. We follow a defence-in-depth strategy that combines technology, processes, and people to reduce risk and ensure the confidentiality, integrity, and availability of data and services.
Core Capabilities
Secure by Design
Security is embedded into system architecture from initial design through to deployment.
Access Control
We enforce least‑privilege access, strong identity management, and multi‑factor authentication.
Monitoring & Response
Continuous monitoring, threat detection, and incident response help us act quickly and minimise impact.
Risk Management
We identify, assess, and manage risks across our systems, suppliers, and operational environments.
Data Protection
We implement controls to ensure data is protected at rest and in transit using encryption and secure key management. Data is stored within controlled environments, and access is restricted to authorised personnel only. Our practices align with applicable laws and regulatory obligations across Australia, Hong Kong, and other jurisdictions in which we operate.
Compliance
Our cyber security framework aligns with internationally
recognised standards and industry best practices, including
ISO/IEC 27001, the NIST Cybersecurity Framework, and
applicable regulatory requirements such as the Australian
Cyber Security Centre (ACSC) Essential Eight.
We regularly review and audit our controls to ensure ongoing
compliance and effectiveness.
Security Operations
We maintain 24/7 monitoring of critical systems, supported by automated alerts and escalation procedures. Our incident response plan ensures that security events are detected, contained, and remediated in a timely and effective manner.
Third Party Management
We assess and manage security risks associated with our suppliers and partners. All third parties are required to meet our security standards and undergo regular reviews.
Our People and Culture
Security is everyone's responsibility. We provide ongoing training and awareness programs to ensure our people understand their role in protecting systems, data, and information.
Continuous Improvement
We continuously evolve our security program in response to emerging threats, technology change, and lessons learned. Regular testing, audits, and reviews help us strengthen our resilience.
Contact
If you have any questions about our cyber security practices or wish to report a security concern, please contact our security team: