INFORMATION SECURITY POLICY
Our Information Security Policy is updated regularly to ensure it fits our current systems and requirements. All employees must sign and accept the policy and on-going training is given around policy requirements. We also assist customers with their policies to ensure they are fit for purpose in this mobile, BYOD and cloud-first world.

SECURITY TRAINING
All Mobile Mentor employees must complete Security Awareness training throughout the year and complete a yearly assessment. Regular Phishing testing is completed. We use the KnowBe4 Security Awareness Training tool set.

ACCESS CONTROLS
Access to Mobile Mentor systems is protected by two factor authentication wherever possible. All applications are vetted before use and all Mobile Mentor devices (Windows 10, Mac OS, iOS and Android) are running Threat Protection agents to ensure on-going protection. Conditional Access and Cloud App Security are used for compliance monitoring.

USER ACCESS REVIEWS
Mobile Mentor gives access to systems on a least access required basis and also use Privileged Identity Management (PIM) to limit the time elevated rights are used. We regularly review who has access to our systems in addition to robust off-boarding procedures.

BUSINESS CONTINUITY
Mobile Mentor runs 100% out of the cloud on highly available and geographically redundant services. All employees are able to work from any location and both physical and system Business Continuity Planning (BCP) is tested on a regular basis.

CHANGE MANAGEMENT
Mobile Mentor has a formal change management process that is applied to all internal and customer system changes. Additionally we can follow our customers change procedures and join CAB meetings as required.

INCIDENT MANAGEMENT
Mobile Mentor treat all incidents and data breaches very seriously. In the event of an incident, a customer is notified immediately, internal root cause and reporting is completed and our customers are provided a detailed Incident report and Improvement plan. Mobile Mentor follows the Australian Government Notifiable data breach process and has systems in place to report as required in the event of a breach.

SECURITY CERTIFICATIONS
Mobile Mentor has achieved our NZ Government Security Certification as a Service Provider on the Telecommunications as a Service panel and we undergo annual assurance audits with an independent auditor. Further information about these assessments can be provided on request. We closely adhere to the National Institute of Standards and technology (NIST), Australian Government Australian Signals Directorate (ASD) and the New Zealand Information Security Manual (NZISM) security frameworks.

SECURITY CLEARANCE
All Mobile Mentor employees are police cleared through background checks during the employment process. Additional clearance is completed as required by our customers on a case by case basis.