Data Security
At Proowrx we take data security very seriously and therefore have implemented a very strong IT control environment to protect against all possible & significant security vulnerabilities. In fact, some of the biggest aggregator groups have scrutinise our information security and other operational controls before allowing their broker partners to utilise our services.
Please note some of the key IT securities controls put up by Proowrx are:
Technical controls
- The team at Proowrx operates completely paperless. Broker partners share their clients’ files or folders through OneDrive/DropBox/Google Drive/our cloud space partners or any other cloud-based file-sharing systems.
- Broker partners control access to their clients’ files or folders. They allow us only the required level of access and can withdraw it after the loan processing tasks are completed.
- The files or folders shared by the broker partners are not accessed by the team members on their individual laptop devices. The team members log in to Sydney-based servers through VPNs to perform the loan processing services.
- The security controls from within the servers prohibit moving/copying files or folders from secured servers to their own devices. That means, all files/folders always remain within the secured shell within the servers.
- Using USBs/CDs or other mobile storage devices have been disabled on the servers.
- The servers are secured and only allow accessing websites/portals that are required for the work.
- Team members do not have admin privileges on the servers. That means, the servers only allow installing authorised applications on the systems providing protection again inadvertent installation of any malware or other viruses.
- Apart from login id and password, all login credentials require Two-factor authentications.
- All individual team members’ laptop devices and our servers have also been secured with the latest and ongoing anti-virus subscriptions.
- In addition to the above controls, IT professionals regularly perform audits to identify any system vulnerabilities.
- Team members are regularly trained with respect to identifying potential security threats and how to maintain a strong IT control environment.
- We have very strong disaster recovery measures in place to provide safeguard against any major interruption of our business operations.
- Files saved on the cloud can be traced back to the employee who has worked on it. Emails are monitored regularly to ensure compliance.
- Our server partners provide guaranteed uptime and also data are automatically backed up at regular intervals. Our dedicated team of IT professionals ensures that the systems, data, files or folders can be restored without any significant losses in case any contingencies eventuate.
- Employees leave their mobiles outside the work area in individual lockers.
- Employees use laptops at office and do not take the machines back home.
- Employees do not have direct access to a printer/scanner.
HR related controls:
- Employees are well qualified and have Bachelors and/or Master’s degree in accounting or finance.
- Before employees are hired, their background is thoroughly checked including verifying their legality to work, getting relevant clearance certificates and performing employer reference checks.
- Employees are adequately trained on data breach, IT risks and security measures.
- Entry to the office is access controlled. Access to work area is granted only to employees.
- Employee’s works from office in all situations. Work from home is exercised in unavoidable circumstances such as Government-mandated lockdown.
- Staff is monitored through multiple CCTVs installed in the work area. Additionally, there is option for employees to work with video feed from the local machine.
- All Employees signs Non-Disclosure Agreement to ensure sanctity of data privacy norms.
- We do not use shared work spaces to maintain data privacy.
Other general controls
- The building complex has secured physical access. No unwarranted person can pass through the security Gate.
- There is designated area for visitors separated completely from the work area and located on a different floor to ensure no access or visibility of the work area.
- There is 24 hour – full power backup in case of a short or long power outage
We have adopted a privacy policy which is displayed on our website. The privacy policy is in line with the requirements of the