TIMG Security Controls

TIMG SECURITY MEASURES

Commitment to Security

With the increasing movement towards digital transformation and the complexities of the information environment, information governance is critical to organisations.

| At TIMG, we understand this and are committed to providing secure and accredited industry leading solutions for our clients.

TIMG BUILDING SECURITY

After hours Monitoring

Out-of-hours monitoring of all TIMG facilities is controlled and supervised by Corporate Security who follow a prescribed notification process during alarm activation. Security access cards and codes are provided to TIMG staff only.

| Each staff member’s security access card allows them access to only those areas relevant to their job descriptions. All staff movement and activity is monitored 24/7.

TIMG VAULT SECURITY

Data Vault Security

All TIMG backup media data storage vaults are reinforced concrete bunkers protected by VESDA (Very Early Smoke Detection Apparatus) and FM200 Gas Fire Suppression systems.

| Our vaults are humidity and climate controlled specifically for storing digital and magnetic media and regularly undergo DR (Disaster Recovery) and BCP (Business Continuity Planning) testing as part of our annual ISO Certification process.

TIMG VEHICLE SECURITY

Vehicle Security

TIMG owns and operates a national fleet of vehicles, all fitted with Global Positioning System (GPS) tracking devices and onboard fire extinguishers. Cargo holds are climate-controlled and are reinforced to keep media cool and secure while in transit.

| All daily routes are GPS-tracked to every 50 meters and are logged for added security and control. Back-to-base communications allow for seamless coordination of vehicles in the event of any emergency or special delivery.

TIMG PERSONNEL SECURITY

Personnel Security

At TIMG, all of our personnel have been Federal Police checked before commencing employment with us. We also conduct thorough reference checks on all staff in relation to employment history and character. All staff are required by company policy to sign and execute Confidentiality Agreements and are trained in correct document handling procedures when handling sensitive information.

| All TIMG staff are vetted and checked by the Australian Federal Police, with a large cross-section of TIMG staff having attained Baseline, Negative Vetting Level 1 clearance.

TIMG OPERATIONAL DISCRETION

Operational Discretion

Our facilities are strategically located in areas that meet our clients’ Disaster Recovery requirements and are purposely unbranded to remain discreet. We deploy the latest security and intrusion protection systems across all of our sites, including an extensive network of live security and monitoring cameras, motion detectors and seismic sensors, are also in play.

| All sites comply with PCI-DSS (Payment Card Industry Data Security Standard) physical storage (onsite and delivery vehicles).

TIMG SECURITY MEASURES

Essential Eight

The Australian Cyber Security Centre (ACSC) recommends organisations implement eight essential Strategies to Mitigate Cyber Security Incidents as a baseline making it harder for adversaries to compromise systems.

| TIMG Australia has implemented the E8 Baseline across all controls where we handle customer data. We are constantly updating and improving our processes and are now focused on rolling the standard out across all current back-office functions.