Data security
At Brokers' BackOffice we take data security very seriously and therefore have implemented very strong IT control environment to protect against siginificant security vulnerabilities. In fact, majority of the aggregator groups scrutinise our information security and other operational controls before allowing the broker partners to utilise our services.
Please note some of the key IT security controls:
Technical controls
- The team at Brokers BackOffice operate completely paperless. Broker partners share their clients' files or folders through OneDrive/DropBox/Google Drive or any other cloud-based file sharing systems.
- Broker partners control access to their clients' files or folders. They allow us only the required level of access and can withdraw it after the loan processing tasks are completed.
- The files or folders shared by the broker partners are not accessed by the team members on their individual laptop devices. The team members log in to Sydney based servers through VPNs to perform the loan processing services.
- The security controls from within the servers prohibit moving/copying files or folders from secured servers to their own devices. That means, all files/folders always remain within the secured shell within the servers.
- These servers are scalable and virtual machines can be created in minutes allowing for the team to resume functioning without any significant operational interruptions.
- Using USBs/CDs or other mobile storage devices have been disabled on the servers.
- The servers are secured and only allows accessing websites/portals that have been authorised.
- Team members do not have admin privileges on the servers. That means, the servers only allow installing authorised applications on the systems providing protection again inadvertent installation of any malware or other viruses.
- Apart from complex password settings, all login credentials require multi-factor authentications.
- All individual team members laptop devices and our servers have also been secured with the latest and ongoing anti-virus subscriptions.
- In addition to the above controls, IT professionals regularly perform audits to identify any system vulnerabilities.
- Team members are regularly trained with respect to identifying potential security threats and how to maintain a strong IT control environment.
- We have very strong disaster recovery measures in place to provide safeguard against any major interruption of our business operations.
- Our server partners provide guaranteed uptime and also data are automatically backed up at regular intervals. Our dedicated team of IT professionals ensure that the systems, data, files or folders can be restored without any significant losses in case any contingencies eventuate.
HR related controls:
- Employees or contractors employed by Brokers BackOffice are well qualified and have Bachelors and/or Masters degree in accounting or finance.
- Before employees or contractors are hired, their background is thoroughly checked including verifying their legality to work, getting police clearance certificates and performing employer reference checks.
- Employees are adequately trained on data breach, IT risks and security measures. They are also trained on Australian Privacy Principles.
Other general controls
- We have adopted a privacy policy which is displayed on our website. The privacy policy is in line with the requirements of the Australian Privacy Principles.