Security And Policies

1. Purpose:

This policy defines the security requirements for remote access to Bravas Technology’s systems to ensure the protection of sensitive data and maintain the integrity of company resources. It mandates the use of Multi-Factor Authentication (MFA) and controlled network access to mitigate risks associated with remote work.

2. Scope:

This policy applies to all personnel, including employees, independent contractors, and third-party service providers, who require remote access to Bravas Technology’s systems and services. It covers:

  • Cloud-based platforms (e.g., Google Workspace, HubSpot, SafetyCulture, Employment Hero, Trello, QuickBooks).
  • Company-owned devices and approved personal devices used to access company systems remotely.
  • Client workspaces accessed on behalf of Bravas Technology’s services.

3. Remote Access Guidelines:

To ensure the security of Bravas Technology’s systems, all remote access must comply with the following guidelines:

Secure Network Usage:

  • Remote access should only be conducted over secure and trusted networks.
  • Public or unsecured Wi-Fi networks must be avoided; if necessary, users must enable a Virtual Private Network (VPN) to establish a secure connection.

Multi-Factor Authentication (MFA):

  • MFA must be enabled and used for accessing all company systems, including Google Workspace, HubSpot, SafetyCulture, Employment Hero, Trello, and QuickBooks.
  • Users must configure MFA using company-approved authentication methods (e.g., authenticator apps, security keys).

Device Security:

  • Devices used for remote access must have up-to-date security patches, firewalls, and antivirus software installed.
  • Lost or compromised devices must be reported immediately to the Director, Darcy Patterson, for investigation and necessary action.

4. Responsibilities:

User Responsibilities:

  • Ensure MFA is configured and actively used for all required platforms.
  • Connect only through approved secure networks and avoid public Wi-Fi unless using a VPN.
  • Maintain strong, unique passwords and adhere to the company's Access Control & Passwords Policy.
  • Report any suspicious activity or unauthorized access attempts immediately to the Director.

Bravas Technology Responsibilities:

  • Conduct regular security audits to ensure compliance with remote access protocols.
  • Enforce access reviews to verify that only authorized personnel have remote access privileges.
  • Provide training and guidance on secure remote access practices to employees and contractors.
  • Monitor login activity and investigate unusual access patterns.

5. Monitoring & Compliance:

Bravas Technology continuously monitors its remote access security through:

  • System access logs to track login attempts and detect anomalies.
  • Automated security alerts for unauthorized access attempts.
  • Quarterly compliance audits to assess adherence to MFA and remote access security requirements.

Failure to comply with this policy may result in:

  • Suspension or revocation of remote access privileges.
  • Termination of contract or employment for repeated non-compliance.
  • Legal action, if unauthorized access results in data breaches or security incidents.

6. Policy Review & Updates:

This policy will be reviewed annually or updated as required to align with new cybersecurity threats and industry best practices. Any changes will be communicated to all personnel, and compliance training will be conducted as needed.

Acknowledgment & Agreement
By accessing Bravas Technology’s systems remotely, all personnel confirm they have read, understood, and agree to comply with this policy. Failure to adhere to this policy may result in restricted access or disciplinary action.

1. Purpose:

This policy establishes a structured approach for identifying, reporting, responding to, and mitigating cybersecurity incidents that could impact Bravas Technology’s systems, data, and client operations. It ensures that security threats are handled promptly and effectively to minimize potential risks.

2. Scope:

This policy applies to all employees, independent contractors, and third parties with access to Bravas Technology’s systems, data, and business applications. It encompasses:

  • Cybersecurity incidents, including data breaches, phishing attacks, malware infections, and unauthorized access.
  • System compromises, such as account hijacking, credential leaks, or misconfigurations.
  • Operational disruptions caused by cybersecurity threats or system failures.

3. Incident Reporting & Response:

To ensure a swift and coordinated response to security incidents, the following steps must be followed:

Incident Identification & Reporting:

  • Any suspected or confirmed security incident must be reported immediately to the client’s designated security contact via email and phone.
  • The incident must also be escalated to the Director, Darcy Patterson, who will oversee the response efforts.
  • Incident reports must include the following details:
    1. Nature of the breach (e.g., unauthorized access, phishing attempt, data exposure).
    2. Systems affected (e.g., Google Workspace, HubSpot, SafetyCulture).
    3. Initial response actions taken (e.g., password resets, access revocation).

Containment & Mitigation:

Upon receiving an incident report, the following containment measures should be implemented:

  • Account Security: Reset compromised credentials and enforce Multi-Factor Authentication (MFA) if not already enabled.
  • System Isolation: Restrict access to affected systems to prevent further exploitation.
  • Network Security: If necessary, block malicious IP addresses and monitor traffic for suspicious activity.
  • Data Protection: Ensure any exposed data is secured, and investigate the extent of unauthorized access.

Communication & Escalation:

  • Bravas Technology will coordinate with the affected client and third-party security teams (e.g., SafetyCulture security team) for a collaborative response.
  • If required by law or contract, affected parties will be notified promptly in accordance with the Australian Privacy Act 1988 and GDPR guidelines.
  • Internal stakeholders will be kept informed of the investigation’s progress and any necessary remediation steps.

Recovery & Post-Incident Actions:

Once the immediate threat is neutralized, Bravas Technology will:

  • Follow third-party software recovery procedures (e.g., SafetyCulture’s security protocols) to restore affected systems.
  • Conduct a root cause analysis to identify vulnerabilities and recommend long-term security improvements.
  • Implement corrective actions, such as security updates, employee training, or policy adjustments to prevent recurrence.

4. Responsibilities:

Director Responsibilities:

  • Act as the primary escalation point and coordinate incident response efforts.
  • Ensure timely communication with clients and external security teams.
  • Approve necessary remediation and security enhancement measures.

Contractor & Employee Responsibilities:

  • Promptly report all security incidents and cooperate fully in investigations.
  • Adhere to security best practices and participate in periodic security awareness training.
  • Implement recommended security measures, such as using strong passwords and avoiding suspicious links or attachments.

5. Monitoring & Compliance:

  • Bravas Technology will conduct periodic security audits to assess vulnerabilities and refine incident response procedures.
  • Security logs and incident reports will be reviewed to ensure compliance with established policies.
  • Failure to report or respond to security incidents appropriately may result in disciplinary action, termination of contracts, or legal consequences.

6. Policy Review & Updates:

This policy will be reviewed annually or as required based on regulatory changes, emerging security threats, or internal process updates. Personnel will be notified of any changes and must acknowledge their continued compliance.

Acknowledgment & Agreement
By accessing Bravas Technology’s systems, all users confirm they have read, understood, and agree to comply with this policy. Failure to adhere to this policy may result in restricted access or disciplinary action.

1. Purpose:

This policy establishes the cybersecurity measures required to protect Bravas Technology’s assets, including hardware, software, and data, from cyber threats. It ensures that all personnel adhere to best practices in cybersecurity to maintain system integrity, confidentiality, and availability.

2. Scope:

This policy applies to all:

  • Company hardware (e.g., Apple MacBooks, external storage devices, and networking equipment).
  • Software platforms (e.g., Google Workspace, Google Cloud, HubSpot, and other business-critical applications).
  • Independent contractors and employees who have access to Bravas Technology’s systems and data.
  • Third-party vendors providing services that involve access to company data or systems.

3. Cybersecurity Measures:

To safeguard company resources from cyber threats, the following cybersecurity controls are enforced:

Device Security:

  • All company and contractor devices must undergo regular antivirus scans and automatic security updates to mitigate vulnerabilities.

Access Control:

  • Multi-Factor Authentication (MFA) is mandatory for accessing cloud-based services and sensitive systems.
  • Role-based access control (RBAC) ensures that users only have permissions necessary for their job functions.
  • Contractors and employees are required to use strong, unique passwords managed via a password manager.

Network Security:

  • Company systems must be accessed only through secure networks. Public Wi-Fi must not be used without a VPN.
  • Firewalls and encryption protocols must be enabled on all company devices.

Data Protection:

  • Sensitive client and company data must be stored and transmitted using encrypted channels.
  • Data access must be logged and regularly audited for unauthorized access attempts.

Incident Response:

  • Any suspected or confirmed cybersecurity incidents must be reported immediately to the Director.
  • Incident response procedures must be followed as outlined in the Incident Response Policy.

Compliance:

  • All systems must be configured according to security recommendations provided by Google Cloud security guidelines and other relevant service providers.

4. Training & Awareness:

To ensure ongoing cybersecurity awareness and compliance, Bravas Technology requires:

  • Onboarding Training: All contractors and employees must complete cybersecurity training, covering topics such as:
    ○ Phishing awareness and email security
    ○ Secure password management
    ○ Safe data handling and device security
  • Periodic Refresher Training: Security training is required annually, with additional training scheduled as needed based on emerging threats or incidents.
  • Security Drills: Employees and contractors may be subject to simulated phishing exercises to assess their awareness and responsiveness to security threats.

5. Monitoring & Compliance:

Bravas Technology continuously monitors its remote access security through:

  • Regular system audits to detect vulnerabilities and enforce policy compliance.
  • Automated security alerts for suspicious activity or unauthorized access attempts.
  • Contractor security compliance checks to verify adherence to cybersecurity protocols.

Failure to comply with this policy may result in:

  • Suspension or termination of access to company systems.
  • Contract termination for independent contractors or vendors who do not meet security standards.
  • Legal action, where applicable, in cases of negligence leading to data breaches.

6. Policy Review & Updates:

This policy will be reviewed and updated annually or in response to significant cybersecurity developments, regulatory changes, or security incidents. All personnel will be notified of any modifications and must acknowledge their continued compliance.

Acknowledgment & Agreement
By accessing Bravas Technology’s systems and data, all users confirm they have read, understood, and agree to comply with this policy. Failure to adhere to this policy may result in disciplinary action or contract termination.

1. Purpose:

This policy establishes Bravas Technology’s standards for managing access control and password security. It ensures that only authorized individuals can access company systems, protecting sensitive data from unauthorized access, breaches, and cyber threats.

2. Scope:

This policy applies to all employees, independent contractors, and third parties who access Bravas Technology’s systems, including:

  • Google Workspace
  • HubSpot
  • Third-party business applications (e.g., SafetyCulture, Employment Hero, QuickBooks, Trello) 
  • Company-owned or approved devices and network resources

Compliance with this policy is mandatory for all users to ensure data security and operational integrity.

3. Access Control Policy:

To maintain strict control over access to company data, the following guidelines must be followed:

  • Role-Based Access Control (RBAC): Access to systems and data is granted based on job function and necessity.
  • Least Privilege Principle: Users should be granted the minimum level of access necessary to perform their job duties.
  • Multi-Factor Authentication (MFA): Required for all systems handling sensitive data to add an extra layer of security.
  • Admin Access:
    ○ Only the director, Darcy Patterson, has administrative privileges to customer data systems.
    ○ No unauthorized modifications to admin permissions are permitted without documented approval.

4. Password Security Requirements:

  • Passwords must comply with the complexity requirements set forth by Google Workspace and other relevant platforms, which include:
    ○ A minimum of 12 characters
    ○ A mix of uppercase and lowercase letters, numbers, and special characters
    ○ No reuse of the previous five passwords
  • Passwords must be updated every 90 days and should never be shared with any individual.
  • Users must use a password manager to securely store and manage credentials rather than writing passwords down.
  • Bravas Technology will conduct regular password audits to ensure compliance and identify potential vulnerabilities.

5. Responsibilities

Bravas Technology Responsibilities

  • Implement and maintain strict access control measures to protect sensitive data.
  • Conduct regular security reviews and audits of system access logs.
  • Ensure all employees and contractors receive training on password security and access control best practices.

User Responsibilities

  • Do not share login credentials with anyone, including colleagues or external parties.
  • Use unique passwords for each system and enable MFA where required.
  • Report any suspected unauthorized access or security incidents immediately to the Director.
  • Log out of systems when not in use, especially when working on shared or public devices.

6. Monitoring & Compliance:

Bravas Technology reserves the right to monitor system access and password compliance through:

  • Routine access reviews to validate appropriate privilege levels.
  • Security audits to detect potential breaches or non-compliant behavior.
  • Automated alerts for unauthorized login attempts or unusual activity.

Non-compliance with this policy may result in temporary suspension of system access, disciplinary action, or termination of contract where applicable. Serious violations may lead to legal consequences.

7. Policy Review & Updates

This policy will be reviewed annually or as necessary to ensure alignment with evolving cybersecurity threats and best practices. Updates will be communicated to all personnel, and compliance training will be provided as needed.

Acknowledgment & Agreement

By accessing Bravas Technology’s systems, all users acknowledge and agree to abide by the terms outlined in this policy. Failure to comply may result in restricted access or disciplinary action.

1. Purpose:

This policy establishes Bravas Technology’s commitment to protecting the privacy and confidentiality of all client, partner, and personal data. It ensures that data is collected, handled, stored, and secured in compliance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR), as applicable.

2. Scope:

This policy applies to all data processed by Bravas Technology, including but not limited to:
  • Client and partner data, whether personally identifiable or business-related;
  • Data stored on company-owned hardware, Google Cloud, and HubSpot;
  • Data transmitted to third-party platforms such as SafetyCulture and Employment Hero;
  • Any other electronic or physical storage methods used by Bravas Technology to process and manage information.

All employees, independent contractors, and third parties working with Bravas Technology must comply with this policy.

3. Data Handling & Storage

Bravas Technology follows strict protocols to ensure the safe handling and storage of all data:
  • Data Collection: Only necessary data required for business operations and client services will be collected. Data will be collected transparently, with consent where required.
  • Data Storage:
    • Client data is temporarily stored in Google Workspace while being processed or transferred to client-approved third-party platforms (e.g., SafetyCulture, Employment Hero).
    • Once data is successfully uploaded to the client’s designated system, it is removed from Bravas Technology’s internal storage.
    • Data stored in HubSpot and other CRM platforms is protected by multi-factor authentication (MFA) and is strictly accessible only by authorized personnel.
  • Data Encryption & Security:
    • Data in transit and at rest is encrypted using industry-standard encryption protocols.
    • Secure access controls, including role-based permissions and audit logs, are implemented to track data access and prevent unauthorized modifications.

4. Legal & Regulatory Compliance

Bravas Technology is committed to maintaining compliance with all applicable data protection laws and regulations, including:
  • The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs);
  • The General Data Protection Regulation (GDPR) where applicable to EU-based clients;
  • Any other relevant industry standards and contractual obligations related to data protection.

To ensure compliance:
  • Non-Disclosure Agreements (NDAs) are executed with clients, contractors, and relevant third parties handling sensitive data.
  • Data subjects have the right to access, correct, or request deletion of their personal data, in accordance with legal requirements.
  • In the event of cross-border data transfers, Bravas Technology ensures that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

5. Responsibilities

Bravas Technology Responsibilities

  • All personnel handling sensitive data are adequately trained in data privacy best practices.
  • Data protection measures are periodically reviewed and updated in response to emerging risks.
  • Incident response procedures are followed in the event of a data breach or suspected data security incident.

Employee & Contractor Responsibilities

  • Data Handling Training: All employees and contractors must undergo mandatory onboarding training on data privacy and security.
  • Access Controls: Employees and contractors are only permitted to access data necessary for their role, and they must adhere to Bravas Technology’s security guidelines.
  • Reporting Obligations: Any suspected or actual data breach must be reported immediately to the Director and handled in accordance with the Incident Response Policy.

6. Data Breach Management

In the event of a data breach or suspected unauthorized data access, Bravas Technology will:
  1. Detection & Assessment
    • Identify and classify the security incident (e.g., unauthorized access, data breach, malware attack).
    • Assess the impact on systems, client data, and operations.
    • Activate the Incident Response Team (IRT) as needed.
  2. Containment & Mitigation
    • Isolate affected systems, revoke compromised access, and enforce immediate MFA revalidation.
    • Conduct forensic analysis to determine the root cause.
    • Remove threats, scan for vulnerabilities, and ensure no further compromise.
  3. Client & Regulatory Notification
    • Inform affected clients and provide action steps.
    • Comply with legal reporting obligations (e.g., Australian Privacy Act 1988, GDPR).
    • Maintain clear, transparent communication.
  4. Investigation & Recovery
    • Perform forensic analysis and document findings.
    • Restore systems using secure backups and apply necessary patches.
    • Conduct a post-incident security audit.
  5. Prevention & Continuous Improvement
    • Implement long-term security upgrades based on findings.
    • Enhance employee training, security policies, and access controls.
    • Schedule regular penetration testing and security audits.
  6. Documentation & Lessons Learned
    • Maintain an incident report summarizing cause, actions taken, and prevention strategies.
    • Integrate findings into security awareness training and future prevention efforts.

7. Policy Review & Updates

This policy will be reviewed annually or when significant changes to regulatory requirements or business operations occur. Updates will be communicated to all personnel, and compliance training will be conducted as necessary.

Acknowledgment & Agreement
By accessing or handling data at Bravas Technology, all personnel confirm that they have read, understood, and agree to comply with this policy. Failure to adhere to this policy may result in disciplinary action, including termination of contract or legal consequences.

1. Purpose:

The purpose of this policy is to establish clear guidelines for the acceptable use of Bravas Technology’s systems, software, and data. This policy is designed to ensure that all use of company resources aligns with client agreements, legal and regulatory requirements, and Bravas Technology’s commitment to maintaining a high standard of data security with a low-risk tolerance. Compliance with this policy helps protect the integrity, confidentiality, and availability of company and client data.

2. Scope:

This policy applies to the director, independent contractors, employees, and any other personnel who are granted access to Bravas Technology’s systems, software, or data. It encompasses all digital assets, including but not limited to Google Workspace, Google Cloud, HubSpot, and associated hardware and software utilized for business operations.

3. Policy Statement

Bravas Technology requires that all individuals using company systems and data adhere to the following principles:
  • Company resources, including software platforms, cloud services, and associated devices, must be used strictly for professional purposes related to the execution of client projects and business operations.
  • The use of company systems must be in full compliance with contractual obligations, regulatory requirements, and security frameworks established by Bravas Technology’s technology partners, including SafetyCulture and Employment Hero.

4. Acceptable Use Guidelines

To ensure responsible and secure use of company resources, all users must adhere to the following:
  • Systems should only be used for legitimate business activities and must not be used for any personal, non-business-related purposes that could interfere with productivity or compromise security.
  • Client data should only be accessed, stored, and shared as necessary for the execution of agreed services. Any additional use must be approved by the client and in line with relevant contractual agreements.
  • Users must comply with any additional data security and privacy guidelines specified in client contracts or third-party vendor agreements.

5. Prohibited Use

The following activities are strictly prohibited and will be considered violations of this policy:
  • Unauthorized access to, modification of, or distribution of client or company data.
  • Engaging in any activity that compromises the security or integrity of company systems, including bypassing security measures, introducing malware, or engaging in phishing or social engineering attacks.
  • Use of company resources for any illegal, unethical, or unauthorized activities, including but not limited to personal financial gain, harassment, or the dissemination of inappropriate content.
  • Sharing login credentials or security tokens with unauthorized individuals, or failing to adhere to multi-factor authentication (MFA) requirements.

6. Responsibilities

  • Users: All personnel granted access to Bravas Technology’s systems must review, understand, and acknowledge this policy prior to accessing company resources.
  • Director: The director, Darcy Patterson, is responsible for ensuring the implementation, periodic review, and enforcement of this policy.
  • Security Compliance: Contractors and employees are responsible for maintaining compliance with this policy and reporting any security incidents or policy violations immediately.

7. Enforcement

Violations of this policy will result in corrective actions, which may include:
  • Temporary or permanent suspension of system access.
  • Termination of contract or engagement with Bravas Technology.
  • Legal action in cases where violations involve unauthorized access, data breaches, or other serious infractions.

Policy Review & Updates

This policy will be reviewed periodically to ensure its continued relevance and compliance with evolving security standards and regulatory requirements. Amendments may be made as necessary, and all personnel will be notified of any significant changes.

Acknowledgment & Agreement
By using Bravas Technology’s systems, software, and data, all personnel acknowledge and agree to comply with the terms outlined in this policy.