Security Policy

Updated: Mar 12, 2025


Ascend GRC Security Policy


1. Purpose

Ascend GRC is committed to safeguarding its information, physical assets, and personnel to ensure the confidentiality, integrity, and availability of its resources. This Security Policy establishes the framework for protecting against security threats and ensuring compliance with Australian regulations and international best practices.


2. Scope

This policy applies to all employees, contractors, board members, volunteers, and any third parties with access to Ascend GRC’s systems, premises, and data.


3. Definitions

  • Information Security: Measures to protect digital and physical information from unauthorised access, disclosure, modification, or destruction.

  • Cybersecurity: The protection of computer systems, networks, and data from cyber threats.

  • Physical Security: Safeguards to prevent unauthorised access to facilities, equipment, and resources.

  • Incident Response: A structured approach for managing security breaches or threats.


4. Policy Statement

Ascend GRC is dedicated to:

  • Protecting Information & Systems – Implementing robust cybersecurity measures to prevent data breaches.

  • Ensuring Physical Security – Restricting access to facilities and assets to authorised personnel only.

  • Maintaining Compliance – Adhering to relevant legal, regulatory, and contractual security requirements.

  • Promoting a Security Culture – Training employees and stakeholders in best security practices.

  • Monitoring & Responding to Threats – Establishing proactive threat detection and incident response mechanisms.


5. Responsibilities

  • Board of Directors: Oversee security governance and risk management.

  • Executive Management: Enforce security policies and allocate resources.

  • IT & Security Team: Maintain and update security infrastructure, conduct risk assessments, and respond to incidents.

  • Employees & Contractors: Comply with security protocols and report any suspicious activity.


6. Security Measures

  • Access Controls: Enforce role-based access and multi-factor authentication.

  • Data Protection: Encrypt sensitive information and ensure secure storage.

  • Network Security: Deploy firewalls, intrusion detection, and endpoint protection.

  • Physical Security: Implement ID verification, surveillance, and secure facility access.

  • Incident Response & Business Continuity: Maintain a security incident response plan and business continuity strategy.


7. Compliance & Enforcement

Non-compliance with this policy may result in disciplinary action, termination of access rights, or legal action.


8. Related Legislation & Standards

  • Privacy Act 1988 (Cth) & Australian Privacy Principles (APPs).

  • Security of Critical Infrastructure Act 2018 (Cth).

  • ISO 27001: Information Security Management.

  • Australian Cyber Security Centre (ACSC) Essential Eight.


9. Review & Approval

This policy will be reviewed annually by the Board of Directors to ensure ongoing effectiveness and alignment with security risks.



10. Contact Information

For queries regarding this policy, please contact:

Ascend GRC Compliance Team
