which is the privacy protection outline in the Privacy Act 1988.
2.1 The responsibility for the production and maintenance of this document is with the management team
of Computit. They will also ensure that any substantial changes made will be communicated to all
2.2 The appropriate handling and storage of information is the responsibility of all employees, consultants,
temporary staff and sub-contractors.
This policy is concerned with all information privacy, and cover all information that;
a) Stored on computers and servers;
b) Transmitted across networks;
c) Printed out or written on paper;
d) Sent internally or externally by post, courier, or fax;
e) Stored on removable and other electronic media; and
f) Spoken in face-to-face conversation, email, or over the telephone.
4. Purpose and Objectives
The Policy was created with the purpose of expressing the company committed to delivering the
highest quality services and products with integrity in dealing with our clients and partners. The
disclosure of your personal information.
5. Information collects
Computit collects personal information by lawful and fair means. There are two types of collecting
1. The information you submitted to, or Computit uploaded on behalf of you. This may include
email information, personal details (name, surname, phone number etc.), bank account detail or
credit card information.
2. Website information collected when you or others browse or visit Computit website for SEO
6. Information usage
6.1 Computit uses personal information for administering business activities to deliver the best quality
products and exceptional customer service to our customers and prospective customers.
6.2 We may use your personal information to notify you about the important changes to our products,
services and/or special offers that we believe are valuable for you.
7. Information Access
7.1 Internal and external access to information and the systems held by Computit is governed by
the security classification of the information.
i. Operational information is either generally available to the public or all staff on a need-toknow
basis, as decided by their manager.
ii. Sensitive data is available only to staff who have a business requirement and with the
written approval of the Information Asset owner.
7.2 Where access to sensitive data has been authorised, the use of such data shall be limited to
the purpose required to perform the business.
7.3 Where a member of staff who has access to sensitive data either leaves or, has their
authorisation removed e.g. as a result of a change of role, their status is updated within 24
hours. e.g., by changing access control lists.
8. Storage and Safeguard of Information
8.1 Computit Cloud infrastructure is fully based within Australian borders, and it is to ensure that
the personal information will not be disclosed to an overseas recipient\s. If there is any
necessary circumstance to do so, Computit must take all reasonable steps to ensure that the
overseas recipient\s will not breach the APPs.
8.2 Information is stored in systems and according to classifications, frameworks and procedures
that enable it to be readily identified and retrieved throughout its existence and to ensure its
preservation from physical harm, data loss or unauthorised access.
8.3 Protection from unauthorised access requires mechanisms such as password protection or
encryption of digital files and data and sign-in sheets.
8.4 Where information is stored on a mobile device (e.g. PDA, USB drive, laptop), special care
must be taken to ensure that the device is physically protected from theft, loss, or damage,
particularly if it is transferred or used away from Computit offices.
8.5 Computit staff must not use cloud services to store files containing personal, sensitive or
confidential information to prevent data breaches.
8.6 Where sensitive data is transferred to the client or a third party instructed by the client, it
shall be encrypted with a unique password communicated to the recipient separately. This
will include the use of encrypted email, where the email includes any such data.
9. Cyber Security Plan
Computit has implemented its cyber security plan to improve the company’s resistance to the threats by
performing 7 steps below;
1. Assess potential risks and cyber-weakness
2. Educate employees on how to protect the business against cyber threats
3. Back up important data
4. Keep systems and software up-to-date
5. Protect Wi-Fi network and use antivirus software
6. Test for Vulnerabilities to confirm the cyber security plan works
7. Disaster recovery planning.