We take a structured, proactive approach to managing information security risks.
We recognize that safeguarding sensitive information is not only a legal and regulatory obligation but also a fundamental responsibility to our customers, employees, and stakeholders.
We prioritize continuous education and training for our workforce, deploy state-of-the-art security technologies, conduct regular risk assessments, and maintain robust incident response protocols.
This commitment ensures a resilient and proactive approach to addressing cyber threats and maintaining the trust of those we serve.
Our approach to managing information security risks.
Our architecture philosophy is founded on the principles of defence-in-depth, proactive threat mitigation, continuous monitoring, and a risk-based approach to safeguarding data and systems. Robust security controls, adherence to industry best practices, and a culture of security awareness ensure the confidentiality, integrity, and availability of our critical information assets.
Our structured, proactive approach employs a strong internal set of data protection controls including access controls, encryption, network segregation, traffic inspection, and secure storage. This is overlaid by a program of continuous monitoring, collection and secure storage of audit and access logs, patching, threat protection and vulnerability detection processes.
The Information Security Committee (ISC) is co-chaired by our CEO and Founder, Richard White, and our Head of Information Services. During ISC meetings, members review internal and external environments that may affect our business or our customers, and establish strategies and objectives to meet current and new risks. The Committee also regularly reviews industry trends, legislative and regulatory changes, and information security threat intelligence updates.
Throughout the year we run cyber-attack simulations to test and improve our internal incident response processes. Together with annual business continuity planning, disaster recovery and crisis management simulations, this serves to prepare our teams for the many forms that a cyber-attack may take.
We keep our people aware of cybersecurity threats and conduct regular phishing awareness campaigns to give staff the knowledge to identify phishing attempts that arrive through a range of avenues, including business emails. These campaigns complement our security and data protection training, which is mandatory for all WiseTech employees and contractors.
The global standard for managing information security. Compliance means a comprehensive system is in place to handle risks, which adheres to best practices for securing company data.
Outlines information related to the various internal controls used by the company for security, availability, processing, integrity, confidentiality, and privacy.
We manage risks associated with cybersecurity threats via our Enterprise Risk Framework, in alignment with ISO 31000 (Risk Management).
Our Information Security Risk Management Framework guides the assessment of risks and associated controls by systematically identifying potential threats and vulnerabilities, evaluating their potential impact on our organization’s assets, and determining the appropriate risk response strategies.
We also align to highly regarded and globally recognized programs that provide assurance to our customers, including the NIST Cybersecurity Framework, OWASP and ACSC Essential Eight, and to standards published by the Center for Internet Security (CIS).