“we”, “us” and “our” refer to IdentityPulse. “staff” and “users” include all individuals working under our control, including employees, contractors, and interns.
The purpose of this policy is to define the direction, principles, and key rules for managing information security within IdentityPulse. It aims to outline how information is safeguarded and ensure all staff understand their responsibilities. This document has been developed in consultation with the IdentityPulse leadership team and may be amended as required.
This policy applies to all IdentityPulse staff and relevant external parties. The Operations Manager holds primary responsibility for its implementation and management, unless otherwise noted. Further details or clarifications may be obtained from the IdentityPulse Compliance Team.
IdentityPulse operates under a structured compliance framework designed to identify and manage information security, privacy, and business risks. We ensure the security and confidentiality of Source Data provided by customers under relevant agreements and uphold all related legal and regulatory obligations.
IdentityPulse conducts continuous risk assessments to evaluate threats based on severity, likelihood, and controllability. Each identified risk receives a Risk Score, which is assessed against approved criteria to determine treatment priorities. Our approach remains business-led, aligned with best practices, and subject to ongoing review and improvement.
IdentityPulse treats all Personally Identifiable Information (PII) with the highest degree of sensitivity and classification. Confidentiality of PII stored for transactional purposes is maintained through SFTP processes. We do not store any PII unless explicitly instructed. All clients and related parties must sign suitable contracts governing data access and use, including penalties for misuse. It is each company’s responsibility to ensure its internal processes comply with these terms.
Any security incident involving a Personal Data breach must be reported immediately to the Operations/Privacy Officer. IdentityPulse will notify all necessary parties and authorities in accordance with legal, contractual, and regulatory obligations, and within required timeframes.
As IdentityPulse is an Australian business, personal data breaches must be reported to both affected individuals and the Office of the Australian Information Commissioner (OAIC), and may also need to be reported to other relevant authorities, including financial service providers, law enforcement bodies, professional associations, or regulatory bodies.
IdentityPulse implements formal procedures to address risks related to changes in systems and business operations. All changes, including code development, architecture, and infrastructure, require appropriate testing to ensure successful implementation without negatively impacting production functionality.
IdentityPulse considers the security implications of all change requests, evaluating risks based on likelihood, potential impact, and severity to determine appropriate mitigation measures.
IdentityPulse’s cloud servers are protected by RackCorp Firewall systems with intrusion prevention systems (IPS) that identify and block threats in real time. The cloud service provider is responsible for access control, logging, and infrastructure monitoring.
Backup copies of information, software, and system images are taken and tested regularly. Backup frequency and retention align with business, legal, and security requirements. All backup data is protected under the same logical and physical security controls as production data, maintaining confidentiality, integrity, and availability.
All data is stored on secure, cloud-based servers protected by firewalls and advanced encryption. Database systems prevent unauthorised access and maintain user and IP-based audit logs for all transactions. Databases are backed up multiple times daily, and redundancy and failover processes are regularly tested to ensure resilience.
IdentityPulse does not maintain an internal network. Network security is managed and controlled by RackCorp Pty Ltd to protect all system and application data.
IdentityPulse’s policies ensure all data remains secure both within internal databases and during client access. System access is electronically monitored, providing a complete audit trail of all data interactions.
IdentityPulse maintains Public Liability, Product Liability, Professional Indemnity, and Cybersecurity insurance at all times. Insurance coverage is reviewed annually or as required. We expect a similar level of coverage from all contracting partners.
All clients and customers using IdentityPulse systems and services are required to implement and maintain minimum information security standards.
IdentityPulse ensures all data source suppliers (“Suppliers”) undergo robust due diligence to verify reliability, accuracy, and compliance. Each supplier must demonstrate appropriate certifications and verification processes to ensure lawful and secure service delivery.
IdentityPulse will take all necessary measures to address and remedy any breach of this policy, including the use of disciplinary or contractual actions where appropriate.