INFORMATION SECURITY POLICY
Our Information Security Policy is updated regularly to ensure it fits our current systems and requirements. All employees must sign and accept the policy and on-going training is given around policy requirements. We also assist customers with their policies to ensure they are fit for purpose in this mobile, BYOD and cloud-first world.
All Mobile Mentor employees must complete Security Awareness training throughout the year and complete a yearly assessment. Regular Phishing testing is completed. We use the KnowBe4 Security Awareness Training tool set.
Access to Mobile Mentor systems is protected by two factor authentication wherever possible. All applications are vetted before use and all Mobile Mentor devices (Windows 10, Mac OS, iOS and Android) are running Threat Protection agents to ensure on-going protection. Conditional Access and Cloud App Security are used for compliance monitoring.
USER ACCESS REVIEWS
Mobile Mentor gives access to systems on a least access required basis and also use Privileged Identity Management (PIM) to limit the time elevated rights are used. We regularly review who has access to our systems in addition to robust off-boarding procedures.
Mobile Mentor runs 100% out of the cloud on highly available and geographically redundant services. All employees are able to work from any location and both physical and system Business Continuity Planning (BCP) is tested on a regular basis.
Mobile Mentor has a formal change management process that is applied to all internal and customer system changes. Additionally we can follow our customers change procedures and join CAB meetings as required.
Mobile Mentor treat all incidents and data breaches very seriously. In the event of an incident, a customer is notified immediately, internal root cause and reporting is completed and our customers are provided a detailed Incident report and Improvement plan. Mobile Mentor follows the Australian Government Notifiable data breach process and has systems in place to report as required in the event of a breach.