Security Policy

Last updated: 22 August 2025

1
Our Security Approach

Axivus takes security seriously by leveraging enterprise-grade cloud platforms and implementing industry best practices. Rather than maintaining our own data centres, we partner with trusted providers who hold the highest security certifications.

2
Infrastructure & Hosting

Trusted Platforms

Our services are built on industry-leading platforms:

  • Amazon Web Services (AWS): Primary hosting platform with SOC 2, ISO 27001, and FedRAMP certifications
  • Microsoft Azure: Secondary cloud infrastructure with enterprise-grade security and compliance
  • Vercel: Application deployment and edge computing with enterprise security controls
  • Australian Data Centres: All customer data stored within Australian regions

Data Protection

  • Data Minimisation: We collect only data necessary for service delivery
  • Encryption: Industry-standard encryption for data at rest and in transit
  • Australian Hosting: All customer data remains within Australian borders
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Backups: Automated backups with geographic redundancy

3
Security Practices

Development Security

  • Secure coding practices and regular code reviews
  • Dependency scanning and vulnerability management
  • Regular security updates and patches
  • Environment isolation between development, staging, and production

Operational Security

  • Multi-factor authentication for all administrative access
  • Regular security monitoring and logging
  • Incident response procedures
  • Staff security training and awareness

4
Compliance

We maintain compliance with Australian regulations through:

  • Australian Privacy Act 1988: Full compliance with privacy principles
  • Notifiable Data Breaches: Established response procedures
  • Education Sector Requirements: Alignment with state education privacy laws
  • Platform Certifications: Leveraging AWS, Azure, and platform security certifications

5
Incident Response

In the event of a security incident, we have established procedures to ensure rapid response and appropriate notification:

  • Immediate Response: Security incidents are assessed and contained promptly
  • Investigation: Root cause analysis and impact assessment
  • Notification: Customers and regulators notified as required by law
  • Recovery: Systems restored and additional controls implemented
  • Review: Post-incident analysis and process improvements

6
Monitoring & Platform Benefits

Security Monitoring

  • Continuous monitoring through platform-native security tools
  • Regular review of access logs and system events
  • Automated alerts for suspicious activities
  • Regular security assessments and updates

Platform Security Benefits

By using enterprise cloud platforms, we benefit from:

  • 24/7 security monitoring by dedicated security teams
  • Regular security updates and patches
  • Enterprise-grade physical and network security
  • Compliance with international security standards

Contact Information

For security-related inquiries or to report a security concern:

  • Security Issues: hello@axivus.com.au
  • General Support: hello@axivus.com.au

Policy Review

This security policy is reviewed regularly and updated as needed to reflect changes in our infrastructure, threat landscape, and regulatory requirements.