Data Control Policy for MonetaLend

At MonetaLend, we take your privacy and data security seriously. This policy outlines how we handle your information, focusing on maintaining the security of Consumer Data Right (CDR) data in compliance with Australian regulations.

 

1. Information Security Controls

We have implemented robust information security processes to limit the risk of unauthorised access to your CDR data. Our security practices include:

  • Multi-Factor Authentication: We require MFA or equivalent control to ensure secure access to our systems.
  • Role-Based Access: Access to sensitive data is limited based on job roles, ensuring only authorised personnel can view your data.
  • Administrative Privilege Restrictions: Administrative access is limited and regularly reviewed to prevent unauthorised system changes.
  • Audit Logging & Monitoring: We track and monitor access and activity to identify any suspicious behaviour.
  • Unique IDs & Password Authentication: Each user has a unique ID and must use password authentication to access our systems.
  • Physical Security: Physical access to our systems is restricted and monitored to prevent unauthorised entry.

2. Network & System Security

We use advanced security measures to protect our network and systems, ensuring the safety of your data. These include:

  • Encryption: All CDR data is encrypted in transit and at rest to prevent unauthorised access.
  • Firewalls: Firewalls are in place to shield our networks from external threats.
  • Server & Device Hardening: We regularly harden our servers and end-user devices to eliminate vulnerabilities.

3. Data Lifecycle Management

We manage your data securely throughout its lifecycle, from collection to deletion:

  • Data Loss Prevention: We use technology to prevent unauthorised transmission of CDR data.
  • Controlled Non-Production Environments: CDR data is restricted in non-production environments to prevent misuse.
  • Lifecycle Management: We securely manage CDR data at every stage, from acquisition to secure deletion.

4. Vulnerability Management

We actively manage and patch vulnerabilities to protect your information:

  • Patching: Our systems are regularly updated with the latest security patches.
  • Secure Coding Practices: Our developers follow secure coding practices to minimise risk.
  • Vulnerability Tracking: We identify and address vulnerabilities swiftly to maintain system security.

5. Malware Prevention

We take steps to prevent, detect, and eliminate malware:

  • Anti-Malware & Antivirus: We use advanced anti-malware and antivirus solutions to detect and remove malicious software.
  • Web & Email Filtering: Filters block potentially harmful web and email content.
  • Application Whitelisting: Only approved applications are permitted to run on our systems, reducing the risk of malware infections.

6. Security Training & Awareness

Our team receives ongoing security training to ensure the safe handling of your data:

  • Security Training: All personnel interacting with CDR data undergo regular security training.
  • Acceptable Use: We enforce strict guidelines for the acceptable use of technology.
  • Human Resource Security: Personnel are vetted and trained to uphold the highest standards of data security.