FinCap takes data security and privacy seriously, we recognise Client Voice’s information security practices are important to you. While we do not like to expose too much detail around our practices (as it can empower those who we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.
Data security
The following measures are in place to ensure the security of the Client Voices application and the data held within:
- Client Voices data is stored offshore in Sydney using Amazon Web Service and backups are carried out daily. The application environment is regularly scanned for vulnerabilities
- Data held within Client Voices, and sent over networks is encrypted.
- Data exported from Client Voices is stripped of all identifying data.
- A disaster recovery plan ensures Client Voices, and the data held within, are recoverable in the event the AWS data centre goes offline.
- Deleted records are recoverable for up to 30 days, beyond that they are unrecoverable.
- Policy in place to enforce the use of strong passwords and measures in place to protect from brute force attacks.
- Client Voices scans all uploaded files uploaded for virus’.
- Access to Client Voices systems follows a principle of least access, and people with administrative access have undergone appropriate training.
Data retention
The data held within Client Voices belongs to financial mentoring services and the clients of financial mentoring services. As a Client Voices user, you must ensure:
- you process any personal information in the client data in compliance with the Privacy Act 2020
- You obtain any necessary third-party permissions or consents;
- You comply with any applicable third-party license terms; and
- The client data does not incorporate any unlawful, illegal, fraudulent or harmful data.
Data disposal features exist to support services to dispose of records that are no longer needed.
Shared responsibility
Protecting access to your data requires that as a Client Voices user, you maintain the security of your account by using secure passwords and protecting them, as necessary. Here are some Client Voices support articles available which support you in fulfilling your privacy and security responsibilities.
Know when you should upload documents to Client Voices
When to delete client records from Client Voices
Automatically delete closed client cases and client records
Responding to a privacy breach in your organisation
Patching and maintenance
FinCap has an agreement with Boost, our developer, to carry out patching and maintenance monthly. This schedule includes bug-fixes, patching of servers, updating software versions and appropriate feature work. Boost also provides incident management outside of scheduled maintenance.
Independent privacy and security audits carried out
Completed:
- Penetration test completed – 22/11/2019
- Privacy Impact Assessment Complete – 10/03/2020
- Security Risk Assessment and Audit completed– 25/05/2020
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article