Information Security Policy

This Information Security Policy outlines the principles, guidelines, and practices that Testfully (“the Company”) follows to protect sensitive customer data and other confidential information. As a startup operating in the API Client, Testing, Monitoring, and Documentation space, Testfully is committed to maintaining the confidentiality, integrity, and availability of its systems and data.

Purpose

This policy aims to establish a comprehensive framework for managing information security risks, ensuring compliance with relevant laws and regulations, and building a culture of security within the organization.

Scope

This policy applies to all employees, contractors, third-party vendors, and any individual who accesses Testfully’s systems, applications, or data.

Information Classification

Testfully recognizes the importance of classifying information based on its sensitivity. We categorise data into three primary classifications:

Confidential

Sensitive customer data, proprietary business information, and any data that, if disclosed, could result in financial, legal, or reputational harm to the Company.

Internal

Non-public information meant for internal use, such as project details, research, and non-customer-specific data.

Public

Information intended for public consumption and that does not pose risks if disclosed.

Security Controls

Access Control

Access to systems and data shall be granted based on the principle of least privilege. Role-based access controls ensure that only authorised personnel can access sensitive data.

Encryption

All sensitive customer data are encrypted, both in transit and at rest, using industry-standard encryption protocols.

Authentication

Multi-factor authentication (MFA) is enforced for accessing critical systems and applications.

Network Security

Firewalls, intrusion detection and prevention systems, and other security measures are employed to safeguard our network infrastructure.

Software Development Security

Secure coding practices are followed to minimise vulnerabilities in our software products.

Data Retention and Disposal

Data are retained only as long as necessary and securely disposed of using approved methods.

Incident Response

Testfully maintains an incident response plan to address security incidents promptly and effectively. The plan outlines procedures for detecting, reporting, investigating, and mitigating security breaches.

Training and Awareness

All employees will undergo regular security awareness training to ensure they understand security risks and best practices. Training will cover topics such as phishing awareness, data handling, and incident reporting.

Compliance and Monitoring

Testfully complies with applicable laws, regulations, and industry standards related to information security. Regular security assessments, audits, and reviews are conducted to identify and address vulnerabilities.

Third-Party Security

Vendors and partners who handle Testfully’s data must adhere to security and privacy practices consistent with our policy.

Policy Review and Updates

This policy will be reviewed annually and updated to reflect technological changes, business operations, and security threats.

Compliance Reporting

Any suspected violations of this policy should be reported to the designated security officer. Non-compliance with security policies may result in disciplinary action.

By adhering to this Information Security Policy, Testfully aims to maintain the trust of its customers, protect sensitive data, and uphold a strong commitment to information security across all aspects of its operations.
Date of Last Revision: 2023/08/06

Authorised by: Matthew Valley

Position: Managing Director

Testfully is a bootstrapped startup from Sydney, Australia.
We're funded by our supportive & amazing customers.

The word `testfully` is a registered trademark of Testfully Pty Ltd.