Cybersecurity Policy
- Ascend GRC
- Mar 12

1. Purpose
Ascend GRC is committed to protecting its digital assets, sensitive data, and IT systems from cyber threats. This policy establishes cybersecurity practices to ensure confidentiality, integrity, and availability of information, in compliance with Australian regulations and international security standards.
2. Scope
This policy applies to all employees, board members, contractors, volunteers, and third parties accessing Ascend GRC’s IT systems, data, and networks.
3. Definitions
Cybersecurity: The protection of IT systems, networks, and data from cyber threats.
Data Breach: Unauthorised access, disclosure, or loss of sensitive information.
Multi-Factor Authentication (MFA): An additional security layer requiring more than one form of verification.
Phishing: A fraudulent attempt to obtain sensitive information by posing as a trustworthy entity.
4. Policy Statement
Ascend GRC is committed to:
Protecting IT infrastructure, data, and systems from cyber threats.
Ensuring compliance with cybersecurity laws and best practices.
Educating employees on cybersecurity awareness and responsibilities.
Implementing proactive monitoring and incident response measures.
5. Cybersecurity Measures
Access Control: Enforce role-based access controls (RBAC) and MFA for all critical systems.
Data Protection: Encrypt sensitive information and ensure secure storage.
Network Security: Deploy firewalls, endpoint protection, and intrusion detection systems.
Secure Communication: Use encrypted email and VPNs for remote access.
Incident Response: Maintain a Cyber Incident Response Plan for timely action against breaches.
Regular Security Audits: Conduct vulnerability assessments and penetration testing.
6. Employee Responsibilities
Adhere to password policies and use MFA where required.
Report phishing attempts, data breaches, or suspicious activities immediately.
Avoid using unauthorised devices or software for work purposes.
Complete mandatory cybersecurity awareness training annually.
7. Compliance & Enforcement
Non-compliance with this policy may result in disciplinary action, including restricted system access or termination.
Regular audits and security assessments will ensure ongoing compliance.
8. Related Legislation & Standards
Privacy Act 1988 (Cth) & Australian Privacy Principles (APPs).
Security of Critical Infrastructure Act 2018 (Cth).
ISO 27001: Information Security Management.
Australian Cyber Security Centre (ACSC) Essential Eight.
9. Review & Approval
This policy will be reviewed annually by the IT Security Team and the Board of Directors.
10. Contact Information
For cybersecurity concerns or incident reporting, please contact:
Ascend GRC IT Security Team
Email: security@ascendgrc.org.au