Information Security

At WoftBPO, confidentiality of information is the guiding principle of our core values. Our unwavering commitment lies in delivering superior outcomes while upholding the utmost security of information. Rooted in our operations is a strict adherence to Information Security procedures aimed at effectively managing risks that could impact the confidentiality, integrity, and availability of both company and customer data.

We steadfastly embrace the adoption of the most stringent information security practices and standards to safeguard all aspects of information within our business ecosystem. Information Security Management is the cornerstone of our operations, ensuring an unwavering dedication to continuous improvement and the relentless pursuit of utmost customer satisfaction.

Our commitment to Information Security Management transcends mere compliance; it is deeply embedded in our organizational ethos. We continuously assess, enhance, and evolve our security measures to fortify our defenses against emerging threats, nurturing a resilient and secure environment for the protection of sensitive information.

Through the embrace of these rigorous Information Security protocols, we assure our clients of a robust framework that not only mitigates risks but also cultivates trust, reliability, and the highest standards of data protection across all our operations.

Our approach to achieving this commitment encompasses several strategic initiatives:

Innovative IT Solutions: Focusing on innovative IT utilization to craft tailored products and services aligned with today’s dynamic business environment.

Holistic Security Measures: Employing comprehensive, reasonable, and practical security measures to protect our crucial processes and assets, ensuring the achievement of our security objectives.

Continuous Improvement: Continually exploring ways to enhance security measures, fortifying our business and perpetually improving our Information Security Management System (ISMS).

Compliance and Regulatory Adherence: Managing and safeguarding information assets in alignment with contractual, legislative, privacy and ethical responsibilities, conforming rigorously to ISO 27001:2013 standards and relevant legal requirements.

Client-Centric Excellence: Providing our clients with ongoing process enhancements, amplified productivity and heightened quality through a fusion of domain expertise and technology-driven optimization.

Controls Implemented for Data Security:

Technical controls

WoftBPO Office operates completely paperless. Broker partners can share their clients’ files or folders through Google Drive/ One Drive or Drop Box and any other cloud-based file sharing platforms.
Broker partners are able control the level of access to their clients’ files or folders. Broker partners allow us only the required level of access and they can withdraw it after the loan processing tasks are concluded.
The security controls on the laptops prohibit moving/copying files or folders from laptops to their own devices. That means, all files/folders always remain within the cloud or within the system.
Using USBs/CDs or other mobile storage devices have been disabled on the laptops.
The laptops are secured and only allows accessing websites/portals that have been authorised.
Team members do not have admin privileges on the laptops. That means, the user cannot or not allowed to install any unauthorized applications on the systems providing protection against inadvertent installation of any malware or other viruses.
All laptops are set with complex password settings.
All individual team members’ laptop devices and our servers are installed and secured with the latest and ongoing anti-virus subscriptions.
In addition to the above controls, IT department regularly perform audits to identify any system vulnerabilities.
Team members are regularly trained with respect to identifying potential security threats, importance of date security and how to maintain a strong IT control environment.
We have backup laptops with the same security features as a measures in place to provide uninterrupted service in the case of any technical issues of normal usage laptops.
Our dedicated team of IT professionals ensure that the systems, data, files or folders can be restored without any significant losses in case any contingencies arise.

HR related controls:

Employees or contractors employed by WoftBPO are well qualified and skilled professionals with minimum secondary education background.
Before employees or contractors are hired, their background is thoroughly checked including verifying their legality to work, getting police clearance certificates and performing employer reference checks including physical verification of their place of residence.
Employees are adequately trained on data breach, IT risks and security measures including training on Australian Privacy Principles.

Other general controls

We have displayed our privacy policy prominently within office premises.
All employees have signed a non disclosure agreement as well as the privacy policy is used as a part of the employment contract.

Controls Implemented for Confidentiality of Personal information:

This Privacy Policy describes our practices in relation to the handling and use of personal information. At WoftBPO, we are committed to protecting your privacy and privacy of your clients in accordance with the Privacy Act 1988 (Cth) and Privacy Amendment Act 2012 (Cth) plus Australian Privacy Principles.

What information do we collect and how do we use it?

As a service provider we are subject to requirements to obtain and hold detailed information, which personally identifies you and/or contains information about you (‘personal information’). In addition, to provide you with a comprehensive service we need to obtain certain personal information about you or your clients.

We use personal information only for the purposes defined in a Supply of Services Agreement providing loans processing.

We use your information to send you requested product information and promotional material and to enable us to manage your ongoing requirements, e.g. further information regarding specific job and our relationship with you, example invoicing.

We may use your information internally to help us improve our services and help resolve any problems.

How do we hold and protect your information?

We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.

We will strive to maintain the privacy of this data on our part, but we encourage you to ensure you practice the highest level of online security for your personal logins when using these software packages.

We ensure that your information and information you provided to us is safe by limiting access to your personal data to your broker assistant/ call centre agent and his/ her associate as requested. An External Auditor may request access to any of our files for the purpose of compliance audit only and you will be advised in this instance.

Will we disclose the information we collect to anyone?

We do not sell, trade, or rent your personal or your client personal information to others.

We may disclose to, and obtain from, the following organisations personal information about you to for the purposes described above (as well as otherwise permitted by the Privacy Act): banks and finance organisations, valuation companies, mortgage insurers, real estate agents, settlement agents, solicitors, information technology companies, loan processors, bookkeepers and mailing organizations.

We may provide your information to others if we are required to do so by law or under some unusual other circumstances which the Privacy Act permits.

Disclosures to overseas recipients

Some of the recipients to whom we disclose your personal information may be based overseas. It is not practicable to list every country in which such recipients are located but it is likely that such countries will include United Kingdom, New Zealand and India.

How can you check, update or change the information we are holding?

By calling +94727196212/ 0390876076 and providing enough information to allow us to identify you, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate.

You may complain to us about a breach of the Australian Privacy Principles by writing to our address listed on our website (www.https://woftbpo.com.au/). We will review your complaint and notify you within 48 hours of outcomes of such review.

You may opt out of receiving promotional communications from us by using the unsubscribe link within each email or emailing us to have your contact information removed from our promotional email list or registration database. Although opt-out requests are usually processed immediately, please allow seven (7) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you will continue to receive messages from us regarding our services

Promotional communications

If you are a customer or a potential customer, from time to time we may contact you with information about services offered by WoftBPO, which we think may be of interest to you. When we contact you it may be by mail, telephone, email or SMS.

Internet site

The WoftBPO website may at times contain links to other websites whose operator may or may not adhere to a privacy policy or be governed by the Australian Privacy Principles.

Your consent

By asking us to assist with your loan processing and call centre needs, you consent to the collection, use and disclosures to overseas recipients of the personal information you have provided to us for the purposes described above.

Every member of our team is dedicated to upholding this policy and protecting information assets from unauthorized use, modification, disclosure, or any form of accidental or intentional destruction.