Security Attestation

This Security Attestation outlines the minimum set of controls and practices implemented by Entag to protect the confidentiality, integrity and availability of its services and information assets. It is intended to provide transparency into Entag’s security posture and may be referenced in contractual agreements or vendor due diligence processes. 

Entag maintains a comprehensive Information Security Management System (ISMS), certified to the ISO/IEC 27001:2022 standard. The scope of certification includes: 

The provision of technology services, solutions and consulting. It covers the management of information and business activities that support these services, in accordance with the ISMS Statement of Applicability revision 1, dated 10th February, 2025. 

Entag has also achieved Maturity Level 3 alignment with the Australian Cyber Security Centre’s (ACSC) Essential Eight mitigation strategies, independently validated by ProcessUnity (formerly CyberGRX). 

• Dedicated security and compliance personnel responsible for ISMS implementation and maintenance. 

• Regular internal audits and risk assessments reported to senior management. 

• Enforcement of Least Privilege and Need-to-Know principles. 

• Multi-Factor Authentication (MFA) for privileged and remote access. 

• Automated provisioning/deprovisioning and periodic access reviews. 

• Encryption of data at rest and in transit using industry-standard protocols. 

• Logical segregation of data and role-based access controls. 

• Secure disposal of media and assets. 

• Enterprise-grade firewalls and layered network architecture. 

• Vulnerability scanning, patch management and threat protection technologies. 

• Traffic monitoring and event correlation to detect and respond to threats. 

• Centralised logging of system and user activity. 

• Integration with SIEM tools for real-time alerting and analysis. 

• Documented incident response procedures with regular testing. 

• Root cause analysis and corrective actions following security events. 

• Formal change control processes for all material system and infrastructure changes. 

• Configuration standards are developed in consultation with external cyber security firms and aligned with industry best practices. 

• Controlled access to data centres and server rooms. 

• Environmental safeguards against fire, water, and heat damage. 

• Risk assessments for critical suppliers and cloud providers. 

• Assessments are supported by engagements with independent cyber security consultancies to validate control effectiveness and identify areas for improvement. 

• Documented and tested recovery procedures to ensure service continuity. 

• Mandatory training for all staff, including phishing simulations. 

• Annual policy reviews and updates. 

• Pre-employment screening including police checks and reference verification. 

• Mandatory onboarding training covering acceptable use, data handling, phishing, and incident reporting. 

• Formal acknowledgement of key ISMS policies such as the Acceptable Use Policy and Data Protection Policy. 

• Secure offboarding procedures including prompt access revocation and asset recovery. 

For more information or to request access to ISMS policies, please contact