- Summary
This Security Policy outlines the security measures and procedures implemented by Invidia Exhausts Australia, an Australian-based E-Commerce website, to safeguard customer data, protect against cyber threats, and ensure compliance with relevant Australian laws and regulations.
- Security Objectives
2.1. Data Protection
We are committed to protecting the confidentiality, integrity, and availability of customer data. All data, including personal and financial information, will be handled with the utmost care and not used to market outside of the Invidia Exhausts Australia business ethics.
2.2. Compliance
Invidia Exhausts Australia will adhere to all applicable Australian laws and regulations related to data protection, privacy, and cybersecurity, including but not limited to the Privacy Act 1988 and the Australian Cyber Security Centre (ACSC) guidelines.
2.3. Incident Response
In the event of a security incident or data breach, Invidia Exhausts Australia will respond promptly and effectively to mitigate harm and comply with mandatory reporting requirements.
- Access Control
3.1. Authentication
Strong password policies will be enforced for all user accounts.
Multi-factor authentication (MFA) will be implemented for privileged accounts.
3.2. User Access
Access to systems and data will be granted based on the principle of least privilege.
Regular access reviews and account deprovisioning will be conducted.
- Data Security
4.1. Encryption
Sensitive data in transit will be encrypted using industry-standard protocols (e.g., HTTPS).
Sensitive data at rest will be stored in encrypted form.
4.2. Data Retention
Customer data will only be retained for the minimum period required by law and business needs.
Customer consent will be obtained for any data processing activities.
4.3. Secure Payment Processing
Payment card data will be processed in compliance with the Payment Card Industry Data Security Standard (PCI DSS).
Third-party payment processors will be used to handle payment transactions securely. We do not store credit card information, we securely submit credit card information to our bank for processing.
4.4 Afterpay Terms of Use
https://www.afterpay.com/en-AU/terms-of-service
4.5 Zipmoney Terms of Use
https://zip.co/au/page/terms-and-conditions
- Network Security
5.1. Firewall and Intrusion Detection
Firewalls and intrusion detection systems will be employed to protect against unauthorised access and attacks.
5.2. Regular Scanning and Penetration Testing
Periodic vulnerability scans and penetration tests will be conducted to identify and address potential weaknesses.
- Employee Training and Awareness
6.1. Security Training
All Invidia Exhaust employees will receive security awareness training to recognise and report security threats.
6.2. Incident Reporting
Invidia Exhaust employees will be encouraged to report security incidents promptly through established reporting channels.
- Incident Response
7.1. Incident Handling
A well-defined incident response plan will be maintained and executed in case of a security incident.
7.2. Data Breach Notification
In compliance with Australian law, customers and authorities will be notified of any data breaches as required.
- Continuous Improvement
8.1. Security Review
Regular record keeping and audits will be conducted to identify areas for improvement.
8.2. Policy Updates
This security policy will be reviewed and updated periodically to reflect changes in the threat landscape, technology, and regulations.
- Enforcement
Violations of this security policy may result in disciplinary actions, up to and including termination of employment or legal action.
- Contact Information
If you have any security-related questions or concerns, please contact:
Invidia Exhaust
- Email: enquiry@prospeedracing.com.au
- Office: 02 4340 4463
- Address: Unit 1/49 Somersby Falls Rd, Somersby NSW 2250