Understand the principles, approach and leadership behind the 6clicks information security and data privacy program
What principles underpin the 6clicks information security and data privacy program?
The following principles underpin the 6clicks information security and data privacy program:
- Build on strong foundations – We know enough about security to reduce our workload by building our application on top of strong foundations: Microsoft Azure. Microsoft Azure is well credentialed in terms of security and we take advantage of its rich feature set to secure our infrastructure (serverless!).
- Involve everybody – The Founding/Executive team set the tone from the top with accountability for security, have nominated a CISO, communicate policies and regularly monitor program performance internally and through engagement with independent advisors, testers, customers and regulators.
- Maintain persistence – 6clicks has established an Information Security Management System (ISMS) which triggers security activities to occur on an ongoing basis. We perform constant real-time monitoring, daily and weekly vulnerability scanning, regular penetration testing, and ongoing training.
- Be transparent – Our philosophy is to be transparent about our security arrangements (as much as sensible) and we share detailed information under confidentiality arrangements. We do not pretend to be perfect (although we are pretty good) and we are happy to share updates on projects in progress.
What approach does 6clicks take to information security and data privacy?
- 6clicks takes a security-first approach to maintain the high cybersecurity standards of our commercial partners and to ensure all relevant data always remains secure
- The founding team is committed to privacy and security and has established security and privacy policies and practices as part of its ISO 27001 certified Information Security Management System (ISMS)
- 6clicks has partnered with Microsoft to leverage Microsoft Azure for hosting of the primary 6clicks SaaS platform, with additional partnerships considered based on demand
- The IRAP assessment is focused on our 6clicks for Government (Australia) environment hosted in Microsoft Azure, in this case Australia Central 1 (Canberra Data Centres)
- 6clicks encrypts data in transit using Transport Layer Security (TLS/HTTPS) and data at rest using AES-256
- 6clicks performs regular monitoring, vulnerability scanning and penetration testing, and adapts its countermeasures accordingly
Who leads the cyber security function at 6clicks?
Andrew Robinson is a 6clicks Founder, CSO and CISO.
Andrew started his career in the startup world and went on to work in cyber and information security advisory roles for the Australian Federal Government and several Victorian Government entities.
Andrew has worked worldwide, including in financial services in the UK and, more recently, across a wide variety of industries, including data centers, tech start-ups, health, education, transport and critical infrastructure.
Andrew has a Master's in Policing, Intelligence and Counter-Terrorism (PICT), specialising in Cyber Security, and holds IRAP, ISO 27001 LA, CISSP, CISM and SCF certifications.