Security Policy

ergonomicoffice – Security & Cyber Protection Policy

ergonomicoffice Pty Limited (“we”, “us”, “our”) is committed to safeguarding customer information, protecting personal data, and maintaining strong cyber security standards across our systems, staff, and operations.
This Security & Cyber Protection Policy outlines:

  • How we protect electronic and physical data

  • How online payments are secured

  • Our cyber security controls

  • How we respond to suspected or actual data breaches

This document supports our compliance with:

  • The Privacy Act 1988 (Cth)

  • Australian Privacy Principles (APPs)

  • Relevant  Government supplier obligations

  • Industry best practices for SME cyber security

1. Information Security Overview

We take all reasonable steps to protect the confidentiality, integrity and availability of information held by ergonomicoffice whether stored electronically or in hard-copy form.

Our security practices include:

  • Encrypted website sessions (2048-bit v3 SSL)

  • Restricted and role-based access to systems

  • Firewalls and intrusion-prevention systems

  • Antivirus, anti-malware and email filtering

  • Strong password management

  • Regular system updates and patching

  • Secure disposal of paper records

  • Staff controls and confidentiality requirements

We continuously review and strengthen our cyber posture in response to emerging risks.

2. Payment Security – No Credit Card Details Stored

ergonomicoffice does not store or process credit card numbers.

All online card transactions are handled securely through the EWAY payment gateway, which is certified to:

  • PCI DSS Level 1 (highest global card security standard)

  • Bank-grade encryption and tokenisation

  • Secure fraud-prevention systems

Payment details cannot be viewed, accessed or recovered by ergonomicoffice staff.

3. Website & Application Security

All online transactions are protected by:

  • SSL/TLS encryption

  • Encrypted data transmission during checkout

  • Secure session handling

  • Regular vulnerability management

  • Use of modern, supported software platforms

Signs of a secure connection include:

  • Padlock symbol in your browser

  • “https://” prefix

  • Valid SSL certificate

4. Cyber Security Statement

ergonomicoffice maintains cyber security practices aligned with government and industry expectations for small to medium enterprises.
Our core controls include:

4.1 Network & System Security

  • Firewalls, anti-malware and endpoint protection

  • Security monitoring and anomaly detection

  • Regular patching of operating systems and platforms

  • Multi-layer filtering on email and network traffic

4.2 Access Control & Authentication

  • Role-based access

  • Unique user accounts

  • Password complexity requirements

  • Restricted administrative access

  • Revocation of access upon staff departure

4.3 Secure Third-Party Providers

We partner only with reputable third-party service providers for:

  • Hosting

  • CRM and email platforms

  • Payment processing

  • Cloud storage

  • IT support

These providers must maintain security standards consistent with industry norms.

Some data may be processed or stored outside Australia on secure, privacy-compliant systems.
We take reasonable steps to ensure any overseas data handling is consistent with the Australian Privacy Principles.

4.4 Staff Awareness

  • Staff confidentiality obligations

  • Limited access on a need-to-know basis

  • Awareness of phishing, social engineering and data handling risks

  • Internal policies for data handling and disposal

5. Hard-Copy Information Security

Where hard-copy records exist (e.g., invoices, delivery slips), they are stored in secure, access-controlled areas.
When no longer required, documents are destroyed using secure shredding processes.

6. Data Breach Response Procedure

ergonomicoffice maintains a structured and proactive process for responding to data breaches, consistent with APP 11 and the Notifiable Data Breaches (NDB) Scheme.

A “data breach” includes:

  • Unauthorised access to personal information

  • Unauthorised disclosure

  • Loss of personal information in circumstances where access is likely

6.1 Detection & Identification

Possible breaches may be identified through:

  • System alerts

  • Staff reports

  • Customer enquiries

  • Notifications from third-party providers

  • Suspicious account or system activity

6.2 Immediate Containment

Upon suspicion of a breach, we will:

  1. Restrict or disable compromised accounts

  2. Shut down affected systems or endpoints if necessary

  3. Suspend access or isolate impacted systems

  4. Secure physical records that may be affected

  5. Engage IT support where required

6.3 Assessment

We conduct a prompt assessment (typically within 3  days) to determine:

  • What information was involved

  • Whether the breach is likely to result in serious harm

  • Which individuals may be affected

  • Whether the breach meets the criteria for notification

6.4 Notification (If Required)

If a breach is likely to cause serious harm, we will notify:

  • The affected individuals

  • The Office of the Australian Information Commissioner (OAIC)

  • Any relevant government clients, where required

  • Third parties whose systems may also be affected

Notifications will include:

  • Description of the breach

  • Types of information involved

  • Recommended steps individuals can take

  • Actions taken by ergonomicoffice to mitigate harm

6.5 Remediation

We will take steps to:

  • Secure or recover compromised information

  • Strengthen system protections

  • Patch vulnerabilities

  • Reset credentials or access

  • Improve internal policies to prevent recurrence

6.6 Documentation

All breaches, whether notifiable or not are logged and recorded for review, audit, and future prevention.

7. Customer Responsibilities

Account Login customers play an important role in maintaining security.
We recommend:

  • Using strong and unique passwords

  • Keeping login credentials secure

  • Ensuring devices are protected by antivirus and software updates

  • Reporting suspicious activity immediately.

8. Reporting Security Issues

If you believe your data or account may have been compromised, please contact:

ergonomicoffice Privacy & Security Officer
Email: sales@ergonomicoffice.com.au


Phone: 1300 555 930

We will act promptly to investigate and address your concern.