Security Framework and Standards

Streamline employs industry-recognised security frameworks and standards, including:

Risk Management

• ASD's Essential Eight risk management practices for identifying and managing operational risks

• Regular risk assessments and mitigation strategies

• Business continuity and disaster recovery planning

Information Security Management

• ISO 27001-aligned security controls where commercially reasonable

• Information security policies and procedures

• Regular security awareness training for personnel

Internal Security Team

• Internal security personnel responsible for product and service security monitoring

• Continuous improvement of security practices and incident response

• Regular security reviews and vulnerability assessments

Data Protection Measures

Encryption and Transmission Security

• Encrypted communication channels for data transmission between client systems and Streamline services

• Industry-standard encryption protocols for data in transit

• Secure API connections and authentication mechanisms

Note: While we implement reasonable encryption measures, we cannot guarantee absolute security of data transmission over public networks. Clients acknowledge inherent risks in internet-based communications.

Privacy Law Compliance

• Compliance with applicable privacy laws including New Zealand Privacy Act 2020

• Data handling practices aligned with regulatory requirements

• Regular privacy impact assessments for new services

Subject to Terms: All privacy and security commitments are subject to the limitations and disclaimers in our Terms of Service.

Security Testing and Validation

Internal Security Testing

Streamline utilises third-party security tools to conduct security assessments:

• OWASP Application Security Verification Standard (ASVS) as testing baseline

• Penetration testing and vulnerability assessments

• Code security reviews for custom applications

• Infrastructure security evaluations

Testing Scope: Security testing covers areas deemed commercially reasonable by Streamline. We do not guarantee that all potential vulnerabilities will be identified or remediated.

Continuous Monitoring

• Real-time security monitoring and threat detection

• Automated vulnerability scanning and assessment

• Security incident logging and analysis

• Regular security metrics reporting

Secure Data Integration

• Encrypted data feeds from authorised financial institutions and data suppliers

• Direct system-to-system integration without manual intervention

• Real-time data validation and integrity checking

• Audit trails for all data access and processing

Client Authorisation: Clients must authorise their data suppliers to provide information to Streamline. Streamline is not responsible for data accuracy or completeness from third-party sources.

Cloud Infrastructure Security

Amazon Web Services

Our primary cloud infrastructure provider is Amazon Web Services (AWS):

Infrastructure Security Features

• Australian-hosted production environment for data sovereignty

• Physical security controls and access restrictions

• Server redundancy and automated failover capabilities

• Built-in firewall protection and intrusion detection

• 24/7 infrastructure monitoring and support

AWS Security Compliance

• SOC 1, SOC 2, and SOC 3 certifications

• ISO 27001, ISO 27017, and ISO 27018 compliance

• Regular third-party security audits and assessments

• Comprehensive compliance documentation available

Third-Party Responsibility: AWS security measures are managed by Amazon Web Services. Streamline relies on AWS representations regarding their security practices and is not liable for AWS security failures.

For detailed AWS security, privacy, and compliance information: aws.amazon.com/security

For AWS compliance audit results: aws.amazon.com/compliance

Security Incident Management

Incident Response

• 24/7 security incident monitoring during business hours

• Defined incident response procedures and escalation protocols

• Forensic analysis capabilities for security events

• Communication protocols for client notification when required

Breach Notification

Security breach notifications will be provided as required by applicable law and subject to:

• Assessment of breach materiality and client impact

• Legal and regulatory notification requirements

• Limitations set forth in our Terms of Service regarding liability for security incidents

Security Vulnerability Reporting

Responsible Disclosure

To report security vulnerabilities or concerns:

Security Officer
Email: security.officer@streamlinebusiness.group

Response Commitment: We will acknowledge vulnerability reports within 5 business days and provide updates on remediation efforts where commercially reasonable.

Important Limitations and Disclaimers

No Absolute Security Guarantee

Streamline cannot and does not guarantee absolute security. All security measures are implemented on a "reasonable efforts" basis subject to:

• Commercial feasibility and cost considerations

• Technical limitations of available technologies

• Evolving nature of cybersecurity threats

• Dependencies on third-party service providers

Client Responsibilities

Clients are responsible for:

• Maintaining security of their own systems and networks

• Proper use of authentication credentials and access controls

• Reporting suspected security incidents promptly

• Implementing appropriate internal security measures

Limitation of Liability

All security commitments are subject to the limitation of liability provisions in our Terms of Service. Streamline's liability for security incidents, data breaches, or other security-related issues is limited as set forth in the Terms of Service.

Updates and Modifications

Streamline reserves the right to modify security practices and this Security Commitment at any time to:

• Address evolving security threats and technologies

• Comply with regulatory changes

• Improve operational efficiency

• Align with business requirements

Continued use of Streamline services constitutes acceptance of security practice modifications.