Remote Staffing: Access Controls, Incident Reporting, and Data Retention Policy

1. Introduction

This policy outlines the access controls, incident reporting, and data retention procedures for Remote Staffing (“we”, “us”, “our”). It is designed to protect the integrity and confidentiality of data and to ensure that we respond appropriately to any security incidents.

1. Access Controls

We use Google Workspace and TeamViewer (TeamViewer holds third-party security certifications including SOC2 Type II certified, SOC3, BSI C5) to manage access to client data. Access is granted on a need-to-know basis, and our employees never see the clients’ passwords. The offshore team member remotely logs in to a Sydney based machine to do all their loan packaging work. This arrangement conforms with the compliance policy from major aggregator groups.

1. Incident Reporting

Any security incidents, including suspected or actual breaches of data security, must be reported immediately to our security team at info@remotestaffingsolutionz.com.au. We will investigate all reported incidents and take appropriate action to mitigate any risks and prevent future incidents. We will also notify affected clients as required by law.

1. Data Retention

We retain client data for as long as necessary to provide our services, comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need to retain client data, we take reasonable steps to destroy or de-identify it in accordance with applicable laws.

1. Review of Policy

We will review this policy periodically to ensure it remains relevant and effective in managing access controls, incident reporting, and data retention. We will notify clients of any significant changes to this policy.