Security FAQ


This FAQ provides insight into how Insentra approaches cybersecurity and protects client data. It covers topics ranging from the ISO 27001 approach to cybersecurity, security audits and vulnerability assessments, disaster recovery plans, certifications related to information security, and physical facilities and equipment security through to incident response plans. It also covers employee security training and staying up to date with the latest security threats and trends.

Additionally, the FAQ details Insentra’s Privacy and Personal Data Protection Policy, which outlines how Insentra collects and uses data about individuals, as well as the legislation that governs the protection of personal data. 

By publishing this FAQ, we give you, as a custodian, access to review and understand how we approach, manage and protect information security, so that you will be confident that we do what we can to protect data and continuously strive to improve and adapt as the threat landscape changes.

Security is, and always will be, a cat-and-mouse game. When we tighten controls and adopt more secure technologies, adversaries will always be looking for new ways to circumvent them. For this reason, Insentra adopts a continuous and never-ending cycle of improvement to our cybersecurity. We use a risk-based approach to identifying and minimising security threats, which we manage through the adoption of the ISO 27001 standard and our Information Security Management System. ISO 27001 is a globally recognised standard that provides a framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The ISMS is a systematic approach to managing sensitive company information so that it remains secure.

The ISO 27001 approach to cybersecurity involves the following steps: 

  • Define the scope of the ISMS: this involves identifying the boundaries of the organisation’s information security and determining which assets and processes need to be protected 
  • Conduct a risk assessment: the organisation should assess the risks associated with its information assets and processes, including the likelihood of a threat occurring and the potential impact if it does 
  • Develop a risk management plan: based on the results of the risk assessment, the organisation should develop a risk management plan that includes appropriate controls and countermeasures to mitigate the identified risks 
  • Implement and monitor the ISMS: the organisation should implement the risk management plan and establish a system to monitor and review the effectiveness of the ISMS. This includes ongoing risk assessments, regular security audits, and crew training and awareness programs 
  • Continual improvement: the organisation should continually review and improve the ISMS, based on the results of ongoing monitoring and regular internal and external audits 

By following the ISO 27001 approach to cybersecurity, Insentra can effectively manage our information security risks and protect our crew, partners and customers’ sensitive data. 

We perform a range of security audits and vulnerability assessments throughout the year; most follow a strict cadence, from monthly through quarterly to annually. These include internal audits, external pen testing, vendor vulnerability patching processes and other utilities to manage vulnerability reviews. We maintain vulnerability assessment and treatment plans with procedures to address vulnerabilities by severity, from immediate (up to 24 hours) through monthly cycles, and specific programs to address findings where required (such as pen testing).

Our ISO 27001:2013 certification can be viewed here. Insentra is partnered with CyberGRX to provide interested parties with mapping of Insentra’s cybersecurity against many security frameworks and standards including: 

  • Australian Government ISM and Essential Eight 
  • NIST CSF 
  • MITRE ATT&CK 
  • Cloud Security Alliance CCM 

If you would like to receive an invitation to view Insentra’s results, please send the following information to info.sec@insentragroup.com: 

  • Your company name 
  • Your company URL 
  • Your full name 
  • Your email address 

All of Insentra’s data and server compute are housed in cloud services. Insentra has a cloud services policy outlining the minimum standard to which our cloud providers must adhere. Insentra conducts third-party risk assessments for all of our cloud vendors prior to any use of their services and on a periodic basis thereafter.

Insentra has an incident response plan that conforms to ISO 27001 Annex A.16: Information Security Incident Management. The purpose of this section of Annex A is to provide a robust, complete and efficient method of managing the incident lifecycle. Insentra’s incident management includes:

  • Initial incident triage to classify and appropriately respond to each type of incident
  • Response plans for different types of attack
    • Ransomware
    • Denial of Service
    • Data breach
  • Notification procedures

We sure do. In fact, no single BCP procedure or plan is ‘one size fits all’. Insentra follows a framework that defines the BCP and DR approach, coupled with multiple procedures covering the range of areas we need to deal with daily. We also run simulation and tabletop exercises to ensure we identify gaps in our approach and are prepared in case of a real disaster.  

Insentra has partnered with KnowBe4 to provide comprehensive and continuous security awareness training. Regular training includes: 

  • Regular (monthly) training content 
    • Training modules 
    • Videos 
    • Games 
  • Weekly newsletters 
    • Weekly security hints and tips 
    • Scam of the week 
  • Regular phishing testing 
    • Remediation training 

In addition to the above, we conduct annual assessments of crew awareness: 

  • Security Awareness proficiency 
  • Security Culture survey 
  • Insentra’s Security policy  

Insentra has identified a list of organisations providing insights, news, and trends in the industry. We are also on the lookout for new sources of cybersecurity information to bolster our list. 

Insentra collects and uses data about individuals, including customers and stakeholders, and is subject to various legislation for protecting personal data. For this reason, Insentra enforces a Privacy and Personal Data Protection Policy. This policy aims to describe the relevant legislation and how Insentra ensures compliance. GDPR is a significant piece of legislation that Insentra adheres to, and the policy describes fundamental definitions and principles related to processing personal data. The policy also outlines the rights of individuals under GDPR and the timescales for requests related to these rights. Insentra operates an ISMS that conforms to the ISO/IEC 27001 international standard to ensure compliance with these principles. 

Our business and internal information systems management processes are designed to comply with the following national and international legislation with regards to data protection and user privacy: 

Insentra recognises the importance of protecting personal data and complying with relevant legislation, including the GDPR. To ensure compliance, the company has established policies and procedures, and is committed to upholding the fundamental principles of the GDPR, such as lawfulness, fairness, transparency, and data minimisation. Additionally, Insentra acknowledges the rights of individuals under the GDPR and has implemented procedures to address them. 

We are bound by the Act and will protect your personal information in accordance with the Australian Privacy Principles. These principles govern how we can collect, use, hold and disclose your personal information, as well as ensuring the quality and security of your personal information. 

Our systems’ compliance with the above legislation, all of which is stringent in nature, means that they are likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residence’s specific data protection and user privacy legislation, you should contact us for clarification.

Insentra is committed to complying with relevant legislation and ensuring the protection of personal data, including identifiable information about individuals such as partners, customers, crew, subscribers, and other stakeholders. We have implemented policies and procedures related to information classification, labelling, acceptable use, electronic messaging, internet use, and information security incident response, among others. 

Insentra acknowledges the significance of the General Data Protection Regulation (GDPR) and other relevant legislation, and aims to ensure compliance with these laws at all times. We define personal data, processing, and controller as per the GDPR and have adopted the fundamental principles upon which the GDPR is based, including lawfulness, fairness, and transparency in processing personal data, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.

Insentra is committed to ensuring that individuals’ rights, such as the right to be informed, access, rectification, erasure, restrict processing, data portability, and object, are respected and supported by appropriate procedures. We have specified the timescales within which such requests must be processed. Insentra acknowledges that any data sharing with third parties is subject to applicable legislation and consent requirements, and we will take necessary measures to ensure data privacy and security when sharing data with such parties.

Our commitment

In conclusion, Insentra understands that cybersecurity is a continuous and never-ending journey. As a result, Insentra has adopted a risk-based approach to identifying and minimising security threats, implementing the ISO 27001 standard to manage our information security, and continuously improving our cybersecurity practices. Insentra regularly performs security audits and vulnerability assessments, has a disaster recovery plan in place, and provides comprehensive security training to our employees. Additionally, Insentra stays up to date with the latest security threats and trends, and incorporates this knowledge into our security policies and procedures. We recognise that security is a constantly evolving challenge, and we are committed to being proactive and vigilant in our efforts to protect our clients’ sensitive data.

  • Data Protection Officer details and how to contact us. 

Name: Itzik Gur 
Email: info.sec@insentragroup.com 
Phone: +61 2 8203 1622 

  • Link and details of our Privacy policy on the Website 

https://www.insentragroup.com/au/privacy-policy/ 


Insentra ISO 27001:2013 Certification

SYDNEY, WEDNESDAY 20TH APRIL 2022 – We are proud to announce that Insentra has achieved the ISO 27001 Certification.