At Outbooks, customer data is handled with care, responsibility and due diligence. Financial data is at the core of every engagement and protecting it is at the core of everything we do.
Security is not an add-on. It is embedded into every process, system and infrastructure layer we operate. This document outlines how Outbooks safeguards customer information against unauthorised access, breaches, misuse and operational disruption.
Our practices are designed to comply with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs), which govern the collection, use, storage and disclosure of personal information. Our approach is also aligned with the Australian Cyber Security Centre (ACSC) Essential Eight, a recognised baseline for protecting business systems against cyber threats.
Our Data Security Governance Framework
Outbooks operates a layered security framework combining technology, internal processes and physical safeguards to protect customer data at every stage of the engagement.
Our framework provides for:
- Defined security policies and internal procedures
- Clear allocation of security responsibilities across teams
- Ongoing monitoring and testing of security controls
- Periodic review of security practices to ensure they remain effective against evolving threats
- Alignment with ACSC Essential Eight requirements
Security controls are proportionate to the sensitivity of the data and the level of operational risk involved.
Regulatory Compliance
As an outsourced accounting and bookkeeping provider serving Australian firms and businesses, Outbooks aligns its data protection practices with applicable Australian law and industry standards, including ISO 27001:2022 (ISMS), which is applied across our cloud hosting infrastructure.
Customer information is used solely for agreed purposes and is never sold or shared for marketing activities.
Technical Security Controls
Outbooks maintains multiple layered technical safeguards across its infrastructure, systems and authentication processes:
- Servers located in Australia, accessed only through secure VPN connections using OpenVPN
- Network protection implemented through PFSense firewalls
- Continuous monitoring of data movement
- Systems maintained with regular security updates and patches
- Periodic security reviews to verify system integrity
- Secure configuration standards applied across systems to minimise vulnerabilities
- Segregation of client environments to reduce risk of cross-data exposure
- Logging and audit trails maintained for system access and administrative actions
- Multi-factor authentication (MFA) enforced for all system and platform access
Malware and Threat Protection
To reduce exposure to cyber risks, Outbooks maintains active threat protection measures across all systems:
- Email security and threat filtering using Sophos Email Security
- Data Loss Prevention (DLP) controls through Sophos Intercept X
- Monitoring for unusual or unauthorised system activity
- Restricted access to non-work-related websites
- Advanced threat detection mechanisms
- Automatic quarantine of suspicious files and attachments
Access Control and User Management
Access to customer information is governed by strict internal controls, ensuring that only authorised personnel can access data relevant to their assigned engagement.
- Role-based access aligned strictly with job responsibilities
- Access limited to information required for assigned tasks only
- Uploads and downloads permitted through authorised channels only
- Regular review of user access permissions
- Immediate access removal when roles change or employment ends
- Strong password policy requirements
- Account lockout mechanisms
Device and Asset Management
- Use of company-authorised desktop systems only
- Personal devices not permitted
- Secure operating systems
- Centralised tracking of IT assets
- Secure disposal of hardware
Physical Security Measures
- CCTV monitored office locations
- Controlled access to buildings and workstations
- Visitor access procedures
- Restricted server room access
Staff Responsibilities and Security Awareness
- Confidentiality agreements
- Regular training
- Secure communication guidelines
- Encrypted data transfers
- Phishing awareness programmes
- Disciplinary procedures
Data Storage and Security
- ISO 27001 cloud infrastructure
- Restricted access
- No personal device storage
- Encryption applied
- Backup validation
- Data classification
Backup systems are maintained to support data availability and continuity in the event of system issues. Disaster recovery procedures are documented to ensure timely restoration of systems.
Third-Party and Sub-Processor Governance
All third-party providers are assessed, contractually bound, and periodically reviewed to ensure compliance with security standards.
Secure Communication Protocols
- Encrypted file-sharing platforms
- No plain-text transmission
- Secure email filtering
Cookie and Website Tracking
Cookies and website tracking are used to:
- Monitor website performance
- Understand visitor behaviour
- Improve site functionality
Incident Response and Regulatory Notification
Incident response procedures include containment, investigation, impact assessment, notification, and corrective actions.
Notifications follow the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth).
Business Continuity and Operational Resilience
- Backup systems
- Disaster recovery procedures
- Operational continuity planning
Policy Review and Continuous Improvement
This policy is reviewed regularly to reflect evolving threats, regulatory changes, and operational improvements.
Email: info@outbooks.com.au
Phone: 0451 320 102
Address: 2902/5 Lawson St, Southport QLD 4215, Australia