Frequently Asked Questions (FAQ)
Compliance
Documentation of our compliance against global standards including certifications, attestations, and audit reports.
Policies
Cybersecurity
Has Viatek experienced any cybersecurity incidents in the past three years?
No, Viatek has not been the subject of any cybersecurity incidents in the past three years. We prioritise the security of our systems and data through robust cybersecurity measures and proactive risk management strategies. Our commitment to maintaining a secure environment helps protect both our organisation and our clients from potential threats.
Does Viatek use third-party auditors to assess and test its security practices?
Yes, Viatek engages third-party auditors to assess and test our security practices. This independent evaluation helps us ensure that our cybersecurity measures are effective and compliant with industry standards.
Does Viatek have cyber insurance?
Yes, Viatek maintains cyber insurance to protect our organization and our clients against potential cyber risks and incidents. This insurance provides financial coverage for various cybersecurity-related events, including data breaches, system failures, and other cyber threats.
When were Viatek's security incident response procedures last tested?
Viatek conducts annual testing of our security incident response procedures to ensure their effectiveness and readiness. The most recent test was carried out in February 2024.
What are Viatek's response and notification processes in the event of a data breach or unauthorized access?
At Viatek, we have a comprehensive and structured process in place to respond to potential data breaches or unauthorized access incidents. Our response and notification process follows these key steps:
- Incident Identification and Initial Response:
  - The incident is identified and allocated to our Service Desk.
  - The Service Desk communicates with the customer contact and our Security Response Team.
- Insurer Engagement:
  - Our insurer is promptly engaged.
  - The case is allocated to a Service Manager who communicates with the Director of Technology and the insurance company.
- Containment:
  - An assigned resource contains the breach.
  - This resource communicates progress to the Service Manager and customer contact.
- Evidence Collection:
  - An assigned resource collects all relevant evidence.
  - Findings are communicated to the Service Manager and customer contact.
- Official Notification:
  - The Service Manager notifies the Office of the Australian Information Commissioner (OAIC).
  - Communication is maintained with OAIC, the customer contact, and our Security Response Team.
- Eradication and Restoration:
  - The breach is eradicated and services are restored by the assigned resources.
  - Progress is communicated to the Service Manager and customer contact throughout this phase.
- Documentation and Knowledge Sharing:
  - The Service Desk creates a knowledge article.
  - The Service Manager reviews and publishes the article.
- Incident Closure:
  - The assigned resource closes the incident.
  - Final communication is made with the Service Manager and customer contact.
This structured approach ensures we respond swiftly and effectively to potential data security incidents, prioritising the protection of our clients’ data and maintaining transparency throughout the process. Our method involves a clear allocation of responsibilities and ensures consistent communication with all relevant parties, including the affected customer, our internal teams, and regulatory bodies when necessary.
What cybersecurity awareness practices does Viatek implement for its staff?
At Viatek, we recognise that our employees play a crucial role in maintaining our overall cybersecurity posture. We have implemented a comprehensive cybersecurity awareness program that includes:
- Annual Cyber Security Refresher Training:
  - Mandatory for all staff members
  - Covers the latest threats, best practices, and company policies
  - Ensures our entire team stays up to date with the evolving cybersecurity landscape
- Monthly Newsletters for Operational Staff:
  - Targeted information for staff directly involved in day-to-day operations
  - Provides timely updates on emerging threats and security best practices
  - Reinforces key cybersecurity concepts regularly
- Ongoing Risk Management Practices:
  - Involves all staff members
  - Encourages a culture of security awareness across the organisation
  - Includes regular risk assessments and updates to security protocols
When was the last penetration test conducted on Viatek's corporate network, and what were the results?
Viatek is committed to maintaining robust cybersecurity measures, including regular network security testing. Here are the key points regarding our most recent penetration test:
- Timing: Our last comprehensive penetration test was conducted in March 2024.
- Scope: The test covered our corporate network’s external and internal interfaces, providing a thorough assessment of our security posture.
- Results: All identified vulnerabilities were promptly and fully remediated following the test.
- Transparency: We understand the importance of transparency in security matters. While we don’t publicly disclose detailed results for security reasons, we can provide an executive summary of the penetration test report upon request from authorised parties.
- Ongoing Commitment: Regular penetration testing is part of our broader cybersecurity strategy, helping us continually identify and address potential vulnerabilities.
How does Viatek detect and monitor security events and activities across its network and systems?
At Viatek, we employ a multi-layered approach to detect and monitor security events and activities across our network and systems:
- RMM Tools for Event Management:
  - We utilise Remote Monitoring and Management (RMM) tools to monitor our network and systems continuously.
  - These tools provide real-time visibility into security events and activities, allowing for quick detection and response.
- Quarterly Access Review Assessments:
  - We conduct thorough access review assessments on all systems every quarter.
  - This process helps ensure that access rights are appropriate and up to date, reducing the risk of unauthorised access.
- 24/7 Fully Managed Security Operations Centre (SOC):
  - Our network and systems are monitored round-the-clock by a fully managed SOC.
  - This team of security experts provides continuous surveillance, threat detection, and incident response capabilities.
Customer Data
What types of customer data does Viatek store and process?
At Viatek, we store and process essential business information to provide services effectively.
This includes:
- Company details (address, contact information)
- Equipment data (make, model, location, service history, usage statistics)
- Contract and financial information (service agreements, purchase orders, invoices)
- Technical support records
We maintain this data to ensure seamless service delivery, efficient equipment management, and prompt technical support for our clients.
Is any customer data stored on Viatek's corporate network, and how is it protected?
As a rule, Viatek does not store customer data on our corporate network beyond the essential business information outlined in our data storage policy. However, in the rare event that additional customer data is temporarily present on our systems:
- We adhere to strict data protection protocols as part of our comprehensive cybersecurity measures.
- Our Data Governance Policy ensures that any customer information is securely managed throughout its lifecycle.
- In the event of customer offboarding, we have a robust data purging process in place. This process ensures that all customer data is thoroughly and securely removed from our systems.
Our commitment is to maintain the highest standards of data protection and privacy for all our clients, whether data is actively stored in our systems or in the process of being removed.
What background checks does Viatek conduct on employees, especially those interacting with customers or their data?
At Viatek, we take the security and trust of our customers seriously. We conduct thorough checks on all our employees, with particular emphasis on those who interact with customers or handle customer data. Our screening process includes, where applicable to the role:
- Criminal history checks
- Verification of professional certifications and qualifications
- Working with Children Check
These checks help us:
- Ensure the integrity and trustworthiness of our staff
- Protect our customers’ data and interests
- Maintain a safe and secure working environment
- Comply with relevant industry standards and regulations
We regularly review and update our screening process to align with best practices in the industry and to meet the evolving needs of our business and our customers.
Does Viatek share customer data with third parties?
At Viatek, we take the privacy and security of our customers’ data very seriously. Our policy regarding sharing customer data with third parties is as follows:
- General Policy:
  - As a rule, we do not share customer data with third parties.
  - This ensures that your information remains confidential and secure within our systems.
- Exception – SE Rentals:
  - The only exception to this policy is when a customer enters into a lease agreement.
  - In such cases, we share relevant lease data with SE Rentals, our leasing partner.
  - Only information directly related to the lease agreement is shared.
- Data Sharing Limitations:
  - Even in the case of lease agreements, we strictly limit the data shared to what is necessary for the leasing process.
  - No additional customer data beyond lease-specific information is ever shared with SE Rentals or any other third party.
- Data Protection:
  - When data is shared with SE Rentals, it is done so under strict confidentiality and data protection agreements.
  - We ensure that any shared data is handled with the same level of security and privacy as within our systems.
- Transparency:
  - We are committed to transparency in our data handling practices.
  - Customers entering into lease agreements are informed about the necessary data sharing with SE Rentals.
Our commitment is to protect your data while providing the services you need. We continuously review and update our data-sharing practices to ensure they align with the highest privacy and security standards.
How does Viatek store and back up data within its systems?
At Viatek, we implement robust data storage and backup procedures to ensure the security, integrity, and availability of all data within our systems. Our approach includes:
- Comprehensive Nightly Backups:
  - We perform nightly backups at the host level, which includes:
    - The application
    - The database
    - The database server
- Host-Level Backup Strategy:
  - By backing up at the host level, we ensure that all critical components of our systems are preserved.
  - This approach provides a complete snapshot of our data environment each night.
- Data Protection Benefits:
  - Ensures business continuity in case of unexpected events
  - Allows for quick data recovery if needed
  - Maintains historical data for compliance and analysis purposes
- Security Measures:
  - Backups are encrypted to protect data during storage and transfer
  - Access to backup data is strictly controlled and monitored
- Regular Testing:
  - We regularly test our backup and recovery processes to ensure their effectiveness
This comprehensive backup strategy helps us maintain data integrity, supports our disaster recovery plans, and ensures that we can provide uninterrupted service to our clients.
Will Viatek staff have access to customer data stored in the system and what controls are in place to prevent misuse of such access?
Viatek implements strict controls to manage access to customer data under our privacy policy. Our approach includes:
1. Role-Based Access Control (RBAC):
   - We employ a comprehensive RBAC system to manage access to data and systems.
   - Staff members are only granted access to data and systems necessary for their specific job functions.
2. Principle of Least Privilege:
   - Access rights are granted based on the principle of ‘least privilege’, ensuring staff members have the minimum level of access required to perform their duties.
3. Access Management:
   - Regular reviews of access rights are conducted to ensure they remain appropriate.
   - Access is promptly revoked when no longer required or when staff members change roles.
4. Multi-Factor Authentication:
   - We utilise multi-factor authentication to add an extra layer of security for accessing sensitive systems and data.
5. Audit Trails:
   - All access to customer data is logged and monitored, creating an audit trail for accountability.
6. Employee Training:
   - Staff members receive regular training on data privacy and security practices to ensure they understand their responsibilities in handling customer data.
7. Information Security Management System (ISMS):
   - Our ISO 27001:2013 certification demonstrates our commitment to maintaining a robust information security management system.
8. Confidentiality Agreements:
   - Staff members are bound by confidentiality agreements that prohibit unauthorised use or disclosure of customer data.
9. Incident Response:
   - We have a comprehensive incident response plan in place to quickly address any potential misuse of access.
These controls are part of our broader commitment to protecting the confidentiality, integrity, and availability of our customers’ information, as outlined in our Quality and Information Security Policy.
How does Viatek ensure the separation of one customer's data from another?
At Viatek, we take data security and privacy very seriously. To guarantee the separation of customer data, we implement the following approach:
- Isolated Systems:
  - Customer data is stored in a separate system from Viatek’s corporate data.
- Data Segregation:
  - Each customer’s data is logically separated within our systems.
  - This segregation prevents unauthorized access or cross-contamination between different customers’ information.
- Access Controls:
  - We implement strict role-based access controls (RBAC) to ensure that only authorized personnel can access specific customer data.
  - These controls are regularly audited and updated to maintain data integrity and confidentiality.
- Security Measures:
  - Our ISO/IEC 27001:2013 certification demonstrates our commitment to information security management.
  - We employ best-of-breed security practices to protect all data within our systems.
- Regular Audits:
  - We conduct regular security audits to ensure the effectiveness of our data separation measures.
  - These audits help us identify and address any potential vulnerabilities in our data isolation processes.
- Compliance:
  - Our data separation practices comply with relevant data protection regulations and industry standards.
  - This ensures that we meet or exceed the expected levels of data privacy and security.
Confidentiality, Privacy, Personally Identifiable Information (PII)
Do Viatek's client engagement terms or contracts include provisions for confidentiality, privacy, and information security?
Yes, Viatek’s client engagement terms and contracts explicitly include provisions that address confidentiality, privacy, and information security. We are committed to safeguarding our clients’ sensitive information and ensuring compliance with relevant data protection regulations. We are constantly monitoring and surveying to ensure we are working within the confines of the law.
How does Viatek handle Personally Identifiable Information (PII) storage and usage, and does it comply with privacy laws?
At Viatek, we take the security and privacy of Personally Identifiable Information (PII) very seriously. Our approach to handling PII is as follows:
- Collection and Use of Personal Data:
  - We collect and use personal information in accordance with our Privacy Policy.
  - Personal data is used for purposes such as:
    - Fulfilling and tracking orders
    - Identifying product and service preferences
    - Sending product updates and warranty information
    - Responding to inquiries and customer service requests
    - Administering accounts
    - Improving our website, services, and customer experience
    - Preventing and detecting fraud
- Compliance with Privacy Laws:
  - Yes, our services comply with applicable privacy laws.
  - We also adhere to other relevant data protection laws in the jurisdictions where we operate.
What are the key aspects of Viatek's PII handling?
- Information Security Management: We are certified with ISO 27001:2013 for Information Security, which ensures we follow best practices in protecting information assets.
- Quality Management: Our ISO 9001:2015 certification demonstrates our commitment to maintaining high standards in our processes, including data handling.
- Security Measures: We implement robust security measures to protect personal information, including encryption and secure data storage practices.
- Data Governance: We have a Data Governance Policy that guides the classification and handling of information assets.
- Risk Assessment: Regular risk assessments are conducted to identify and mitigate potential threats to data security.
- Employee Training: We educate and train our staff to maintain awareness of security practices and foster a culture that supports information security.
- Continuous Improvement: We conduct annual audits of our management systems and processes to ensure they remain effective and up to date.
By adhering to these practices and standards, we strive to ensure that all PII is handled securely and complies with relevant privacy laws and regulations.
Information Security, Encryption and Storage
What data encryption technologies does Viatek employ to secure data in transmission and storage?
At Viatek, we prioritise data security in transit and at rest. Our approach to data encryption is as follows:
- Data Encryption in Transmission:
  - Yes, all data transmitted over our network is encrypted.
  - We use SSL (Secure Sockets Layer) encryption for E-Automate information transmission.
  - This ensures that data is protected from interception during transfer between systems or to/from clients.
- Data Encryption at Rest:
  - Any data stored is encrypted at rest.
- Credential data:
  - We use a self-hosted password manager with full auditing capabilities to store any credentials used internally or at customer sites.
Additional Security Measures:
- Our encryption practices are part of our broader information security management system, which is ISO 27001:2013 certified.
- We regularly review and update our encryption technologies to align with industry best practices and emerging security standards.
Where is data stored at rest, and can it be stored within Australia?
All data at rest is stored within Australia.
If you have specific requirements or requests regarding data storage, please feel free to contact us, and we will do our best to accommodate them.
What is Viatek's process for data handling upon service exit, and what is the data retention policy?
At Viatek, we have established procedures for handling data when a client requests to exit our services. Our approach includes:
- Data Purge Process:
  - Upon request for service exit, we initiate a data purge process to remove the client’s data from our active systems.
  - This process ensures that the client’s data is no longer accessible or used within our operational environment.
- Data Destruction/Deletion and Backups:
  - The data purge process does not include deleting data from backups.
  - Backups are retained for a specified period to ensure business continuity and comply with regulatory requirements.
- Data Export at Exit:
  - Yes, we provide a process that allows for data to be exported in a reusable form when a client exits our services.
  - This ensures clients can retrieve their data and potentially migrate it to another system or service provider.
- Data Retention Policy:
  - Data about Viatek’s customers is kept perpetually.
  - This long-term retention allows us to maintain historical records and provide continuity of service for long-standing clients.
- Additional key points:
  - We prioritise data security and privacy throughout the exit process.
  - Clients can request their data in a usable format before it is purged from our active systems.
  - While customer data is retained indefinitely, we maintain strict access controls and security measures to protect this information.
We recommend that clients discuss their specific data handling requirements with their Viatek representative when considering service exit to ensure all needs are met.
Suppliers, Software, Service and Maintenance
How does Viatek ensure that any software supplied to customers is secure and free from malicious code?
While Viatek primarily focuses on hardware solutions, in instances where we do supply software to our customers, we take several measures to ensure its security and integrity:
- Trusted Suppliers: We exclusively work with reputable, best-in-breed software providers known for their commitment to security and quality.
- Supplier Liaison: We maintain close communication with our software suppliers to stay informed about their security practices and any potential vulnerabilities.
- Software Support: All software we provide comes with dedicated support, ensuring that any security updates or patches are promptly available and implemented.
- Due Diligence: Before offering any software solution, we conduct thorough evaluations to verify its security and reliability.
- Continuous Monitoring: We stay vigilant about any security advisories or alerts related to the software we supply and act swiftly if any issues are identified.
Our approach prioritizes the security and trustworthiness of any software we provide, giving our customers peace of mind when using these solutions in their business operations.
How does Viatek assess its third-party suppliers?
At Viatek, we maintain a rigorous process for assessing our third-party suppliers to ensure they meet our high standards for security, reliability, and performance. Our assessment process consists of two main components:
- Initial Supplier Evaluation:
  - Conducted as part of our business case creation process
  - Thoroughly assesses potential suppliers before engagement
  - Evaluates factors such as security practices, financial stability, industry reputation, and alignment with our business needs
- Annual Supplier Assessments:
  - Part of our ongoing risk management processes
  - Regular reviews to ensure continued compliance and performance
  - Assesses any changes in the supplier’s practices or circumstances
  - Helps identify and mitigate potential risks
- Key benefits of our assessment approach:
  - Ensures consistent quality and reliability in our supply chain
  - Mitigates potential risks associated with third-party relationships
  - Maintains compliance with industry standards and regulations
  - Supports continuous improvement in our supplier relationships
This comprehensive approach to supplier assessment helps us maintain the integrity of our services and protect our customers’ interests.
What is Viatek's patch management procedure?
At Viatek, we employ a comprehensive patch management procedure that combines automation with manual oversight to ensure our systems remain secure and up to date. Our approach includes:
- Automated Patching:
  - We utilise several systems within our Viatek tool-stack to automate the patching process.
  - This automation allows for regular, consistent updates across our infrastructure.
  - Benefits include:
    - Timely application of critical security updates
    - Reduced human error in patch deployment
    - Efficient management of large-scale systems
- Ad Hoc Manual Patching:
  - In addition to automated processes, we perform manual patching as required.
  - This approach is beneficial for addressing:
    - Newly discovered vulnerabilities that require immediate attention
    - Specific systems that may need tailored patching solutions
    - Patches that require additional testing or verification before widespread deployment
Critical aspects of our patch management procedure:
- Continuous Monitoring: Our systems constantly scan for available updates and security patches.
- Risk Assessment: Each patch is evaluated for its importance and potential impact before deployment.
- Testing: Critical patches undergo testing in a controlled environment before wide-scale implementation.
- Deployment Scheduling: We schedule patch deployments to minimise disruption to business operations.
- Verification: Post-deployment checks ensure patches are applied correctly and systems remain stable.
What is the jurisdiction for Viatek's service contracts?
All service contracts at Viatek are governed by the laws of Australia. This ensures that our agreements are compliant with Australian legal standards and regulations, providing clarity and security for our clients.