24th November 2022
As a trusted software provider for public services around the world, security will always be our number one priority, and this is an area in which we have a strong track record.
When developing software solutions, our Secure Software Development Lifecycle ensures that security assurance activities such as risk assessment, architecture analysis, code review, colleague training and security testing are an integral part of our development work.
As a normal part of business, we constantly review and improve our software, systems and processes to ensure they align with recognised security standards (1). Earlier this year, we launched a Security Review Programme with key measures including:
- An enhanced password (and password management) policy;
- Extended use of Multi-Factor Authentication (MFA);
- Improvements to the speed of patching devices and servers;
- Changes to the way we manage software authorisation, installation and device management; and,
- Adopting a standardised global approach to antivirus measures.
Finally, recognising the all-important human dimension to good security, we provide rigorous, ongoing security training for all colleagues, as well as regular, mandatory up-to-date guidance on current and emerging cyber-threats.
(1) Key examples include: ISO27001 and the UK NCSC’s ‘Cyber Essentials’ standards and the Australian Federal Government’s ‘Essential 8’ Security Model.