Cyber Security Policy

 

 Last Updated: January 2024

 At Cloth & Feather, we prioritise the security of our online store and the protection of our customers' information. This Cybersecurity Policy outlines the measures we take to safeguard against unauthorised access, data breaches, and other potential cyber threats.

 

  1. Information Security Management:

1.1. We implement and maintain an Information Security Management System (ISMS) to ensure the confidentiality, integrity, and availability of sensitive information.

1.2. Regular risk assessments are conducted to identify potential security vulnerabilities and assess the effectiveness of our security controls.

  2. Access Control:

2.1. Access to our online store's systems and data is restricted based on job responsibilities.

2.2. User accounts are regularly reviewed, and access permissions are adjusted accordingly.

  3. Data Encryption:

3.1. All sensitive data, including customer information and payment details, is encrypted during transmission using industry-standard encryption protocols.

3.2. We use Secure Sockets Layer (SSL) certificates to encrypt data transmitted between our website and users' browsers.

  4. Secure Payment Processing:

4.1. We comply with Payment Card Industry Data Security Standard (PCI DSS) requirements for secure payment processing.

4.2. Customer payment information is securely processed and stored using encryption and tokenisation.

  5. Firewalls and Intrusion Detection Systems:

5.1. Firewalls and intrusion detection systems are employed to monitor and control network traffic to and from our online store.

5.2. Regular monitoring and analysis of network traffic help identify and respond to potential security incidents.

  6. Regular Software Updates:

6.1. All software, including the operating system, web server, and e-commerce platform, is promptly updated with the latest security patches.

6.2. Regular vulnerability assessments are conducted to identify and address potential security vulnerabilities.

  7. Employee Training and Awareness:

7.1. Employees are provided with cybersecurity training to recognise and respond to potential threats.

  8. Incident Response Plan:

8.1. We have an incident response plan in place to efficiently respond to and mitigate the impact of cybersecurity incidents.

8.2. The incident response plan includes communication protocols, containment measures, and steps for recovery.

  9. Data Backups:

9.1. Regular data backups are performed to ensure the availability of critical data in the event of a cybersecurity incident.

9.2. Backup integrity is regularly tested, and backup procedures are reviewed and updated as needed.

  10. Vendor Security:

10.1. Third-party vendors with access to our systems or customer data adhere to security and privacy standards consistent with our own.

10.2. Vendor contracts include cybersecurity requirements, and vendors are regularly assessed for compliance.

  11. Monitoring and Logging:

11.1. Monitoring systems are in place to detect and respond to suspicious activities in real time.

11.2. Logs are regularly reviewed and retained to aid in forensic analysis and compliance with legal and regulatory requirements.

  12. Compliance:

12.1. We adhere to relevant cybersecurity laws, regulations, and industry standards.

12.2. Regular compliance assessments are conducted to ensure ongoing adherence to cybersecurity requirements.

 

This Cybersecurity Policy will be reviewed regularly and updated as needed to adapt to changing security threats and technological advancements.

 

Contact Information:

If you have any questions or concerns regarding our Cybersecurity Policy, please contact our team at enquiry@clothandfeather.com.au

 

Thank you for your trust in Cloth & Feather. We are committed to maintaining a secure and safe online shopping experience for our valued customers.

Cloth & Feather
ABN 91 317 450 779
17a Perry Street
Mudgee NSW 2850
Australia