Our business
Our technology delivers efficiencies and enhances productivity, transparency, visibility, and control of the operations of large freight forwarders and global logistics providers, enabling them to mitigate risk. Our customers are global supply chain logistics providers and large freight forwarders.
Our product development and capacity are fundamental to our business and key to our competitiveness, customer attraction, and retention.
We remain committed to invest in research and development to ensure we remain at the forefront of addressing the evolving needs of participants on the global supply chain and logistics sector.
Our industry - leading flagship product
CargoWise centralizes logistics operations on a single global database, delivering business continuity, scalability, and security.
It provides a cloud-based, supply chain and logistics execution software solution. Our customers manage their involvement in logistics and the global supply chain in areas such as freight forwarding, customs, tracking, warehousing, cross-border compliance and transport by air, sea, rail and road through CargoWise.
Real-time data visibility in CargoWise helps our customers track the movement of goods, origin to destination, enabling the efficient execution of logistics processes.
We are building a global network of CargoWise Partners, Certified Practitioners, education institutions, and industry partners for freight forwarding, Our network of technology and logistics experts work within the logistics industry across our customers, associations and logistics businesses
Data security and privacy
WiseTech places data and cyber security at the forefront of its development process. We have adopted a structured, proactive approach to managing information security risks, using a strong internal set of controls related to data protection. Our layered approach to protecting customer data includes employee training, physical security, system security, policies, logging and auditing.
WiseTech Global and its subsidiaries recognize the importance of data privacy and comply with relevant data privacy regulations, including the EU General Data Protection Regulation (GDPR), to safeguard the security and privacy of all customer data.
WiseTech places information security at the forefront of its operations and culture, recognizing that safeguarding sensitive information is not only a legal and regulatory obligation but also a fundamental responsibility to our customers, employees and stakeholders.
We prioritize continuous education and training for our workforce, deploy state-of-the-art security technologies, conduct regular risk assessments, and maintain robust incident response protocols to ensure a resilient and proactive approach to addressing cyber threats and maintaining the trust of those we serve.
Our structured, proactive approach to managing information security risks applies a strong set of internal data protection controls.
These include access controls, encryption, network segregation, network traffic inspection and secure storage. This is overlaid by a program of continuous monitoring, collection and secure storage of audit and access logs, patching, threat protection and vulnerability detection processes.
Our architecture philosophy is founded upon the principles of defense-in-depth, proactive threat mitigation, continuous monitoring, and a risk-based approach to safeguarding data and systems. We prioritize the implementation of robust security controls, adherence to industry best practices, and a culture of security awareness to ensure the confidentiality, integrity, and availability of our organization's critical information assets.
We manage risks associated with cybersecurity threats via our Enterprise Risk Framework, in alignment with ISO31000 (Risk Management). Our Information Security Risk Management Framework guides the assessment of risks and associated controls by systematically identifying potential threats and vulnerabilities, evaluating their potential impact on our organization’s assets, and determining the appropriate risk response strategies.
Our information security management system is ISO27001 certified. We have successfully achieved SOC 1 and SOC 2 attestations, and align to the NIST Cybersecurity Framework, OWASP and ACSC Essential Eight, and to standards published by the Center for Internet Security (CIS). Our Information Security Policy provides direction for managing security risks associated with information, source code, cloud services and systems. Compliance with this Policy and all supporting material is mandatory for WiseTech Global employees, contractors and third parties who, during their work to support WiseTech, have access to WiseTech Global products, services, systems, corporate information, or customer information.
Our Information Security Committee (ISC) is in place to ensure continued management focus on the Information Security Management System (ISMS) and information security incidents. The ISC Charter defines the purpose of the Committee as to support the effective implementation, operation, and ongoing management of the ISMS through a continuous review and action process. Co-chaired by CEO Richard White and our Head of Information Services, ISC meetings review internal and external environments that may affect our business or our customers, and establish strategies and objectives to meet current and new risks. The Committee also regularly reviews industry trends, legislative and regulatory changes, and information security threat intelligence updates.
We conduct penetration testing using internal and external capability, and regularly run vulnerability testing. As part of our framework, we run operational testing, including phishing assessments and cybersecurity training which are integrated into our induction, annual training and compliance programs.
We regard our people as our first line of defense and have created security awareness training hosted on WiseTech Academy, which is mandatory for all staff to undertake annually. Our Information Services (IS) Team members must also complete detailed training on our ISMS.
WiseTech Global and its subsidiaries recognize the importance of privacy and data protection and comply with relevant laws and regulations, including the EU GDPR, to safeguard the security and privacy of all customer data.
WiseTech is headquartered in Australia and must comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. WiseTech’s Privacy and Data Collection Notice sets out how we collect, manage, and disclose personal information.
However, as a global logistics software company that services 170+ countries throughout the world, we also need to keep up to date with legal and regulatory developments globally.
We believe that complying with the toughest law provides a seamless way in which the business can continually update compliance and measures to protect and secure data. Therefore, we take the approach of complying with the most robust law globally which is currently the GDPR, a European Union regulation with extra-territorial reach.
By ensuring a uniform approach to privacy and data protection, the technical teams at WiseTech Global will not need to rewrite code again and again to respond to changes across geographies or implement certain security features for some locations but not others.
In addition to a close collaboration between our technical teams and legal in ensuring design, build, and procedures are compliant with our Australian and international legal and regulatory obligations, our external Data Protection Officer supports WiseTech to comply with the requirements of the GDPR. Our people are also required to complete privacy and data protection training and more specific training in relation to the EU GDPR.
In terms of data privacy, we have adopted the most stringent standards across our business. We have established a robust vulnerability management program with ongoing, automated scanning to uncover security vulnerabilities or misconfigurations across our infrastructure. We combine this with regular manual penetration testing; with in-house capabilities and trusted external third parties performing regular tests. We have data processing terms with customers and data collection and privacy notice informing our customers and other stakeholders how we collect and process data. We also consider the ability of our potential suppliers to ensure privacy and data protection compliance prior to proceeding with any engagement. Our standard Data Processing Addendum with our customers is available on our website..
Business continuity and resilience
The performance, reliability and availability of our technology platform, data centers and global communication systems are critical to our business.
Our business continuity framework is designed minimize the likelihood and impact of potential interruptions. It is focused on ensuring that maximum possible service levels are maintained and that we recover from interruptions as quickly as possible.
It covers our crisis management response, business continuity planning, incident response and disaster recovery planning. Plans within this framework are reviewed and tested frequently, and controls related to continuity of service are continually assessed and, where necessary, modified and improved as the internal and external environment changes.
Resilience is supported by operating separate data centers in three distinct regions around the world to reduce reliance on any individual data center, and we have processes in place to automatically replicate data. Our global network of support centers provide 24/7 365 support internally to enhance continuity Our technology framework provides for segregation of data, backups stored on independent infrastructure and critical access monitoring.
Our Incident Management Procedure governs the logging, monitoring, escalation and resolution of incidents. Implementation of this process is support by incident management plans and playbooks. Critical systems are tested regularly to ensure we can meet and respond to critical incidents. In the case of major incidents that could disrupt activities for an unacceptable period of time, a Disaster Response Plan as part of the Business Continuity Plan may be put into action by WiseTech’s Disaster Recovery Team.
Modern slavery
We are committed to conducting business in an ethical, lawful, and socially responsible manner and expect the same from our team members and suppliers.
We are committed to upholding and respecting human rights for all people as articulated in the UN Guiding Principles on Business and Human Rights, the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, and the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work.
WiseTech’s Modern Slavery Statements may be found on the Australian Border Force Modern Slavery Statement Register. Our most recent Modern Slavery statement can be viewed on our website.
Modern slavery awareness training forms a part of WiseTech’s onboarding program for new employees, with refresher training required at least biennially.
Our cross-functional Modern Slavery Working Group determines additional activities to be undertaken to manage modern slavery risk in our business and supply chain.