Policy last updated: January 11th 2010
This website belongs to IsecT Ltd., an independent IT governance consultancy.
Our registered company address is: Castle Peak, 1262 Taihape Road, RD9 Hastings 4179, New Zealand.
We can be reached at any time by email through info (at) isect (dot) com.
IsecT Ltd. respects your right to privacy, just as we expect you to respect ours. Given that we are IT governance professionals, we truly understand the implications of privacy and data protection but we are human too. Unfortunately, we cannot offer you an absolute total guarantee of security but we promise to do our utmost to protect any information you provide to us against unauthorized disclosure or use, meaning that which you have not explicitly authorized or which is not in your best interests.
We are a New Zealand company registered in New Zealand and governed by New Zealand law. We comply with New Zealand’s Privacy Act both in letter and in spirit, and uphold the data protection principles. That means we take care to keep any personal data we hold confidential, complete and accurate, and we try not to collect any more information than we need for our legitimate business purposes nor do we keep it longer than necessary. We comply with other laws relating to information security and of course applicable laws and regulations relating to corporate governance, financial control and so forth.
Use of personal data
We would like to establish a reasonable commercial dialogue with colleagues, clients and potential clients, website visitors and other interested parties who contact us. This is why we record details such as names, phone numbers and email addresses from the people who contact us. We do not and will not release your email address, telephone number, name or any other personal information to anyone else unless we are required to do so by an enforceable court order. We may use the information you supply to contact you directly by email, post or telephone but if you wish us to stop, simply tell us and we will do so. It’s up to you. We do not send you marketing blurb, advertising or promotional materials unless requested.
Upon request, we can provide you with access to contact information you have supplied to us (e.g. your name and email address) in order for you to check, update and/or delete the details. We will validate any such requests before supplying the information in order to prevent unauthorized access to the data. Naturally we have information security measures in place to protect the information that we have collected from you against loss, misuse, disclosure or alteration. We are information security specialists after all!
Information collected from website visitors
For each visitor to our website, the webserver automatically recognises information such as the visitor's IP address and browser type. The information from our webserver logs is used in aggregate for statistical purposes to track usage of the website (e.g. the number of unique visitor IP addresses indicates approximately how many unique visitors we have) and to help us improve the website (e.g. we identify and repair broken internal hyperlinks using the log file records of ‘page not found’ messages). We do not normally take any notice of the individual IP addresses of our visitors, except in circumstances where we suspect a security incident may have occurred. Such information may then be used to trace connections and investigate possible incidents but if nothing turns up, it will not be retained or used in any other way.
Our main office is connected to the Internet through telecommunications services provided by the usual range of commercial telecoms suppliers. They potentially have access to all data coming to and from the office systems through the network, and can potentially read any information which is transmitted through the network connections in cleartext (i.e. not encrypted). Our website is hosted by a commercial hosting company that potentially has access to any information your system sends to the website. We also use their services and those of other third parties to send and receive email. These are straightforward commercial services with minimal security and privacy implications as far as we can ascertain. We believe all our service providers have broadly similar privacy policies to ours.
The ISO27k Forum (mailing list, newsgroup, reflector, group)
If you sign up for the ISO27k Forum, your email address will be shared with the company providing the mailing list facility (currently Google, an American corporation). Your email address WILL NOT be disclosed to other third parties or used for any other purpose than to receive the forum messages and on very rare occasions administrative notices about the forum. If, being fellow information security professionals, you are dubious about giving us your normal email address despite the promises we are making in this policy, by all means open a separate disposable email account for this purpose and check whether it receives any spam. If it does, please let us know immediately as that would presumably indicate a failure of our security controls, a serious incident as far as we are concerned.
Changes to this policy