Data Security

How we meet global benchmarks for data security & compliance to keep your data safe.

At IndyForms, security is built into everything we do.

From our platform infrastructure to our internal processes and team practices, we align with internationally recognised standards to ensure your information remains protected, available, and handled responsibly.

Our certifications and independent assessments reflect our ongoing commitment to meeting global benchmarks for data security and compliance.

ISO/IEC 27001 Certified

ISO/IEC 27001 is the globally recognised standard for information security management systems (ISMS). Achieving this certification means our organisation has been independently audited and verified to meet rigorous requirements for managing and protecting sensitive data.

It covers everything from our daily data-handling practices to our internal processes, risk management strategies, and operational controls. This ensures security and compliance are integrated into every aspect of our operations, providing ongoing protection for your information.

Learn more ›

ISO/IEC 27001 certification is a reflection of our ongoing commitment to keeping your data safe.

Independently tested

IndyForms undergoes regular independent testing and validation to ensure our systems are resilient and secure. Third-party experts conduct comprehensive assessments, including penetration testing, vulnerability scans, and security audits, to identify and address potential risks.

These continuous evaluations allow us to proactively monitor and respond to emerging threats, keeping our infrastructure robust and ready to handle evolving cybersecurity challenges.

Hosted on Microsoft Azure

IndyForms is hosted on Microsoft Azure, a leading cloud platform renowned for its world-class security infrastructure.

With Azure, your data benefits from:

Compliance with over 90 global standards and certifications.
Built-in data encryption to safeguard information.
Scalable and reliable hosting to keep your operations running smoothly.

Australian owned and operated

IndyForms is proudly Australian-owned and operated, with data managed under strict local regulations.

Your data is handled in full compliance with Australian privacy laws, supported by a local team of experts who understand your unique needs.

Plus, if you have specific requirements for where your data is stored, we’re here to work with you and ensure your preferences are met.

Security across people, processes, and infrastructure

Our approach to security goes beyond systems—it’s woven into the fabric of our organisation, from leadership decisions to daily operations.

Here’s how we ensure security at every level:

1. Data security and encryption

Encryption: All sensitive data is encrypted both at rest and in transit using industry-standard encryption protocols.
Data storage: Our systems ensure that stored data remains protected from unauthorised access.
Data retention policies: Clear data retention policies guide how long data is stored and when it is securely deleted.
Data disposal: When data is no longer needed, it is deleted following strict protocols.

2. Access control and authentication

Role-based access control (RBAC): Access is assigned based on roles and responsibilities, ensuring employees only have access to what they need.
Multi-factor authentication (MFA): Remote access to critical systems requires multi-factor authentication.
Unique user credentials: Every user has a unique login to ensure accountability and traceability.
Access reviews: Regular reviews ensure that access permissions remain accurate and up-to-date.

3. Infrastructure and system security

Network segmentation: Systems are segmented to limit access points and reduce risk exposure.
Firewalls and intrusion detection: Firewalls prevent unauthorised network access, while intrusion detection systems monitor for suspicious activity.
System updates and patch management: Software and systems are regularly updated to address vulnerabilities and maintain optimal performance.
Performance monitoring: Infrastructure is monitored in real-time, with alerts for unusual activity.

4. Incident response and business continuity

Incident response plan: Clear, documented procedures guide our response to any security incident.
Backup and recovery: Data is routinely backed up, with secure recovery options available in case of failure.
Disaster recovery plans: Regularly tested plans ensure minimal disruption during unexpected events.
Continuous improvement: Lessons learned from every incident are used to strengthen our systems.
Annual testing: Regular testing ensures our recovery plans remain effective.

5. Policies, training, and governance

Security policies: Documented policies outline every aspect of our security practices, reviewed regularly.
Security awareness training: All employees complete regular training on security practices and responsibilities.
Vendor risk management: Third-party vendors undergo security reviews and comply with strict data protection standards.
Audits and compliance reviews: Regular internal and external audits verify adherence to our security policies.
Employee and contractor agreements: All team members and contractors sign confidentiality agreements and acknowledge security responsibilities.

Every layer of our platform, our organisation, and our people is built with one goal: to keep your data safe, secure, and accessible only to those who need it.