Cyber Security Policy

Effective Date: 01 July 2023
Elev8 Strategic Partners 
ABN: 89 634 740 908
Website: www.elev8strategicpartners.com.au
Email: hello@elev8partners.com.au

1. Purpose

The purpose of this Cyber Security Policy is to define the protocols, responsibilities, and controls used by Elev8 Strategic Partners ("Elev8") to safeguard digital systems, confidential information, and business-critical data from unauthorised access, misuse, or cyber threats.

This policy supports our commitment to maintaining data integrity, confidentiality, and availability for both our business and clients.

2. Scope

This policy applies to:

• All Elev8 staff, contractors, and authorised collaborators
  
  
• All devices used to access Elev8 systems or data (e.g., laptops, tablets, mobile phones)
  
  
• All platforms and applications used for project delivery, communication, file storage, or CRM functions (e.g., Google Workspace, Asana, HubSpot, Stripe, Canva, Calendly, etc.)
  
  

It governs internal systems, client portals, and external communication tools.

3. Cyber Security Principles

Elev8’s cyber security framework is built on the following core principles:

• Confidentiality: Only authorised individuals have access to sensitive data
  
  
• Integrity: All systems and data must be accurate, consistent, and protected from unauthorised modification
  
  
• Availability: Systems and services must be reliable and resilient against cyber incidents
  
  
• Accountability: Clear responsibilities for data protection and risk management across the team
  
  

4. Data Security Measures

4.1 Access Control

• Access to sensitive data is granted based on job role and need-to-know basis
  
  
• All accounts are secured with strong, unique passwords and multi-factor authentication (MFA) where available
  
  
• Access to shared files, CRMs, and project systems is reviewed regularly and revoked when no longer required
  
  

4.2 Device Security

• Company and personal devices used for Elev8 work must be protected with PINs, passcodes, or biometric access
  
  
• Antivirus and anti-malware software must be installed and up-to-date on all devices
  
  
• Auto-lock and timeout features must be enabled on all devices
  
  

4.3 Cloud Storage & Platforms

• All client files and project materials are stored in secure cloud platforms (e.g., Google Drive) with restricted access
  
  
• Confidential files are never stored locally on unprotected devices
  
  
• Data backups are maintained for key project files and systems in line with business continuity protocols
  
  

5. Acceptable Use & Responsibilities

All Elev8 team members and authorised users must:

• Use only approved platforms and communication channels for client or internal work
  
  
• Avoid transmitting sensitive data over unsecured networks or non-Elev8 systems
  
  
• Immediately report any suspected data breach, phishing attempt, or system vulnerability
  
  
• Refrain from downloading or installing unapproved software on business-critical devices
  
  
• Maintain professional conduct online and protect login credentials at all times
  
  

6. Incident Response & Breach Reporting

In the event of a cyber security incident (e.g., data breach, unauthorised access, system compromise), the following actions will be taken:

1. Immediate internal investigation to assess scope and potential impact
   
   
2. Containment of the threat by revoking access and isolating affected systems
   
   
3. Notification of impacted stakeholders or clients, if applicable, within 72 hours
   
   
4. Implementation of remediation actions to prevent recurrence
   
   
5. Documentation and review of the incident to improve future response protocols
   
   

All team members are obligated to report suspected breaches to hello@elev8partners.com.au immediately.

7. Use of Third-Party Tools & Platforms

Elev8 leverages trusted third-party platforms for project delivery and communication. These tools are selected based on their security credentials, encryption standards, and compliance capabilities. Common platforms include:

• Google Workspace (Drive, Docs, Gmail)
  
  
• HubSpot (CRM and Sales Tools)
  
  
• Asana or Trello (Task Management)
  
  
• Canva (Design)
  
  
• Stripe (Payments)
  
  
• Calendly (Bookings)
  
  

Each tool is accessed with secure credentials and monitored for permission compliance.

8. Training & Awareness

All Elev8 team members are:

• Provided with onboarding guidance around cyber-safe practices
  
  
• Expected to stay informed about common cyber threats (e.g., phishing, credential theft)
  
  
• Encouraged to attend awareness briefings and review updated protocols annually
  
  

9. Compliance & Review

This policy is reviewed annually or upon major system changes. Non-compliance with this policy may result in access restrictions, disciplinary action, or termination of contracts.

This policy is supported by and aligned with:

• The Australian Privacy Act 1988 (Cth)
  
  
• The Australian Cyber Security Centre (ACSC) recommendations
  
  
• Industry best practices in information security and digital protection
  
  

10. Contact Us

If you have any questions or concerns about this Cyber Security Policy or how we manage your personal information, please contact:

Elev8 Strategic Partners
📧 Email: hello@elev8partners.com.au
🌐 Website: www.elev8strategicpartners.com.au
📍 Registered Address: 165 Peel Street, Tamworth, NSW 2340