Policies > Security Statement

How We Protect Our Clients' Data

At Cyber Matters, we recognise the significance of safeguarding your sensitive data and maintaining the trust and confidence of our clients and partners. In an ever-evolving digital landscape, information security is not just an essential aspect of our operations; it is an uncompromising value to which we are steadfastly committed.

Last Updated on 6 Jan 2026

Compliance Status


ISO 27001

ISO 27001
Certification in Progress
(June 2026 Completion)

ISO 42001

ISO 42001
Certification in Progress
(September 2026 Completion)

SOC 2

SOC 2
Type 2 Audit in Progress
(June 2026 Completion)

CSA STAR

CSA STAR
Level 1
Self-Attestation

ASD Essential 8

ASD Essential 8
Level 3
Self-Assessment

Request Documentation

Access our security reports, including External Penetration Tests, CAIQ, and Compliance Attestations.


Vulnerability Report

Request access to our latest vulnerability assessment, powered by Aikido Security. This live report provides real-time visibility into our security posture, including open findings, severity ratings, and remediation status across our infrastructure and applications.


Request Vulnerability Report

Compliance Monitoring

🔧

App Security

Password Policy
Quarterly Vulnerability Scan
Responsible Disclosure (Bug Bounty)
Security Patches Automatically Applied
Security Policy
Security Training
🛡️

Data Security

Annual Review of Purposes
Annual Risk Assessment
Anti-Malware Capabilities
Anti-Malware Scans of Media
🖥️

Infrastructure Security

AI Risk Management Policy
AI Risk Tracking
AI System Opt-Out
Annual Incident Response Test
Annual Performance Evaluations

Subprocessors

Amazon Web Services Hubspot Google Workspace Stripe Atlassian Ignition Xero

Security & Privacy FAQs

How do you handle our sensitive project data? +
We follow the principle of least privilege. Project data is restricted to only the consultants assigned to your engagement, and all data is purged from our active systems 30 days after the project's conclusion unless otherwise agreed.
Do you perform background checks on your consultants? +
Yes. All Cyber Matters staff undergo rigorous background checks, including criminal history and reference checks. Consultants working on sensitive Australian projects often hold or are eligible for relevant security clearances.
How does Cyber Matters manage its own internal security? +
We "drink our own champagne" by maintaining a strict internal security program. This includes mandatory Multi-Factor Authentication (MFA) on all accounts, encrypted endpoints, and continuous compliance monitoring via Drata.
What insurance coverage do you maintain? +
Cyber Matters maintains comprehensive Professional Indemnity and Cyber Liability insurance to provide our clients with peace of mind regarding the advice and services we deliver.
How do you ensure the security of your subprocessors? +
We conduct annual security assessments of all third-party vendors. We only partner with subprocessors who maintain recognized certifications such as SOC 2 Type 2 or ISO 27001.


Our Information Security Principles

Commitment to Privacy and Confidentiality

In accordance with the Australian Privacy Act 1988, including the Australian Privacy Principles, we are dedicated to ensuring the confidentiality and privacy of our clients’ data. Our policies, procedures, and technology are tailored to protect your information from unauthorised access and disclosure.

Integrity and Data Protection

Our systems and processes are designed to safeguard the accuracy and integrity of your data. We continually strive to ensure that information is available and usable when needed and that it remains unaltered from its original state.

Resilience against Cyber Threats

Adhering to the Australian Cyber Security Centre (ACSC) guidelines, we have implemented robust cyber security measures to protect against potential threats and vulnerabilities.

Compliance with Regulations

We are committed to complying with the Australian legal and regulatory requirements. This includes the Notifiable Data Breaches (NDB) scheme, which requires us to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.

Continuous Improvement and Adaptation

In line with the fast-paced and evolving nature of cyber threats, we actively engage in regular reviews and updates of our security practices. Our proactive approach ensures that we remain at the forefront of security compliance and risk management.

Education and Awareness

We believe that security is everyone’s responsibility. We invest in continuous education and awareness programmes for our staff to ensure they are well-equipped to identify and mitigate potential security risks.

Incident Response and Management

We have implemented a comprehensive incident response and management strategy to promptly and effectively address any security breaches or incidents. This involves identifying, managing, and mitigating risks in compliance with the Australian Standard AS/NZS ISO/IEC 27035:2011 for information security incident management.

Transparent Communication

We foster open communication with our clients regarding our security practices. Our commitment to transparency helps in building and maintaining trust, and we are here to assist you with any queries or concerns regarding data security.

We update our policies regularly, check back for changes. If you have a question about our policies or practices, contact us at hello@cybermatters.com.au.

Have a question about our policies?

We're happy to answer questions about how we handle data, our security posture, or our service terms.

Book a Free Chat