Information Security Policy & Practices Summary
Infomix Engineering Services (ABN: 93 688 649 710)
Location: Perth, Western Australia, Australia
1. Our Commitment
At Infomix Engineering Services (IES), information security is at the core of our operations. As a professional engineering services provider specialising in Cyber Security and Data Solutions, we are committed to maintaining the confidentiality, integrity and availability (CIA Triad) of all information we handle.
This document outlines our high-level commitment to protecting both our clients’ data and the sensitive commercial information entrusted to us.
2. Governance and Scope
A. Policy Scope
This policy applies to all Infomix Engineering Services employees, contractors, and any systems, networks or information assets used to deliver our services – including Cyber Security, Cloud Migration and Data Centre solutions.
B. Security Objectives
Our core information security objectives are to:
- Confidentiality: Ensure that information is only accessible to authorized individuals.
- Integrity: Safeguard the accuracy, completeness, and validity of information and processing methods.
- Availability: Ensure authorised users have access to information and associated assets when required.
- Compliance: Meet all contractual, legal, and regulatory obligations, including the Australian Privacy Principles (APPs).
3. Client Data Protection and Classification
A. Data Classification
All information handled by Infomix is classified according to sensitivity and business impact. While detailed classifications are internal, client data is generally treated as Confidential or Restricted to ensure appropriate protection.
B. Role as Data Processor / Service Provider
When delivering services such as cloud migration or security assessments, Infomix acts as a Data Processor. We implement robust technical and organisational controls as defined in our Master Services Agreement (MSA) and any applicable Data Processing Agreement (DPA) with the client.
C. Data Handling and Transfer
- Encryption: All client data is encrypted both in transit (e.g., TLS/SSL protocols) and at rest (e.g., AES-256 on storage and backups).
- Secure Transfer: Data is only transferred to clients or third-party service providers via secure, encrypted channels.
4. Security Controls and Technical Measures
A. Access Control and Authentication
- Principle of Least Privilege: Access to information and systems is restricted strictly to individuals who require it for their role.
- Multi-Factor Authentication (MFA): MFA is required for all remote access and access to sensitive internal or client systems.
- Strong Passwords: Password policies enforce complexity, minimum length and periodic rotation requirements.
B. Network and Infrastructure Security
- Firewalls and Monitoring: Enterprise-grade firewalls and intrusion detection/prevention systems (IDS/IPS) are used to monitor and filter network traffic.
- Patch Management: Software and system patching are performed promptly and rigorously to address identified vulnerabilities.
C. Endpoint Protection
All company-owned devices (laptops, servers, etc.) are protected by anti-virus/anti-malware solutions and managed device policies, including mandatory full-disk encryption.
5. Personnel Security and Training
A. Awareness Training
All employees and contractors receive mandatory security awareness training covering phishing prevention, malware, password hygiene and secure handling of client data. Training is refreshed on a regular basis.
B. Confidentiality Agreements
All personnel are required to sign and adhere to strict confidentiality and non-disclosure agreements (NDAs) as a condition of employment/engagement.
6. Incident Response and Data Breach Notification
Infomix maintains a formal Data Breach Response Plan to ensure rapid and effective response to any security incident.
A. Australian NDB Scheme
We comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
- Assessment: If a data breach involving personal information is suspected, an internal assessment is completed within 30 days.
- Notification: If an eligible data breach is confirmed (i.e., likely to result in serious harm), we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
B. Reporting Incidents
Any employee, contractor or third party who suspects a potential security incident or data breach must immediately report it to the designated Incident Response Team via security-incidents@infomix.com.au
7. Audits and Review
Our security controls, policies, and procedures are subject to regular internal reviews and, when appropriate, external audits to ensure compliance with best practices and recognized frameworks, including:
- ISO 27001 Information Security Management principles; and
- The ACSC Essential Eight mitigation strategies.
Through continuous improvement and proactive risk management, Infomix Engineering Services ensures its security posture remains aligned with evolving threats and industry standards.