Security at Kicking Pixels, Gatheroo & MWA
At the Kicking Pixels Group (including Kicking Pixels, Gatheroo and MyWebAdvantage), safeguarding the security, reliability, privacy, and compliance of your data is our utmost priority. While we are at the beginning of our journey towards Cyber Security and ISO compliance, rest assured that we are committed to continuously enhancing our practices to meet the highest standards of data protection.
We are dedicated to implementing measures that prioritise the safety and privacy of your information. We already use robust encryption to secure your data both at rest and in transit. Additionally, we rely on trusted sub-processors such as AWS and Bitbucket, and we are enhancing our internal processes to bolster security and reliability, further ensuring the safety and integrity of your information.
Our commitment to your security extends beyond mere compliance; it’s embedded in every facet of our operations. As we navigate this journey, we invite you to explore our Trust Center for updates, insights, and supporting documentation on our ongoing efforts to uphold the integrity of your data.
Determining the scope of the information security management system
The organization shall determine the boundaries and applicability of the information security management system to establish its scope. When determining this scope, the organization shall consider:
a) the external and internal issues referred to in 4.1;
b) the requirements referred to in 4.2;
c) interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.
The scope shall be available as documented information.
Inventory of information and other associated assets
An inventory of information and other associated assets, including owners, shall be developed and maintained.
Return of assets
Personnel and other interested parties as appropriate shall return all the organization’s assets in their possession upon change or termination of their employment, contract or agreement.
Intellectual property rights
The organization shall implement appropriate procedures to protect intellectual property rights.
Security of assets off-premises
Off-site assets shall be protected.
Storage media
Storage media shall be managed through their life cycle of acquisition, use, transportation and disposal in accordance with the organization’s classification scheme and handling requirements.
Secure disposal or re-use of equipment
Items of equipment containing storage media shall be verified to ensure that any sensitive data and licensed software has been removed or securely overwritten prior to disposal or re-use.
ICT readiness for business continuity
ICT readiness shall be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.
Information backup
Backup copies of information, software and systems shall be maintained and regularly tested in accordance with the agreed topic-specific policy on backup.
Redundancy of information processing facilities
Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements.
Capacity management
The use of resources shall be monitored and adjusted in line with current and expected capacity requirements.
Configuration management
Configurations, including security configurations, of hardware, software, services and networks shall be established, documented, implemented, monitored and reviewed.
Planning of changes
When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.
Installation of software on operational systems
Procedures and measures shall be implemented to securely manage software installation on operational systems.
Change management
Changes to information processing facilities and information systems shall be subject to change management procedures.
Information security for use of cloud services
Processes for acquisition, use, management and exit from cloud services shall be established in accordance with the organization’s information security requirements.
Internal Audit – General
The organization shall conduct internal audits at planned intervals to provide information on whether the information security management system:
a) conforms to:
   the organization’s own requirements for its information security management system;
   the requirements of this document;
b) is effectively implemented and maintained.
Internal Audit Program
The organization shall plan, establish, implement and maintain an audit programme(s), including the frequency, methods, responsibilities, planning requirements and reporting.
When establishing the internal audit programme(s), the organization shall consider the importance of the processes concerned and the results of previous audits.
The organization shall:
a) define the audit criteria and scope for each audit;
b) select auditors and conduct audits that ensure objectivity and the impartiality of the audit process;
c) ensure that the results of the audits are reported to relevant management.
Documented information shall be available as evidence of the implementation of the audit programme(s) and the audit results.
Nonconformity and corrective action
When a nonconformity occurs, the organization shall:
a) react to the nonconformity and, as applicable:
   take action to control and correct it;
   deal with the consequences;
b) evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere, by:
   reviewing the nonconformity;
   determining the causes of the nonconformity; and
   determining if similar nonconformities exist, or could potentially occur;
c) implement any action needed;
d) review the effectiveness of any corrective action taken; and
e) make changes to the information security management system, if necessary.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
Documented information shall be available as evidence of:
f) the nature of the nonconformities and any subsequent actions taken;
g) the results of any corrective action.
Legal, statutory, regulatory and contractual requirements
Legal, statutory, regulatory and contractual requirements relevant to information security and the organization’s approach to meet these requirements shall be identified, documented and kept up to date.