Information Security
Last updated October 2020
Timing Solutions is committed to protecting your privacy and treating your personal information as you would want it to be treated. We take steps to protect personal data from loss, misuse, and unauthorised access, disclosure, alteration, or destruction. We have an established Information Security process to ensure that the data held on our platform is kept confidential, accessible and it’s integrity is upheld.
Some Key elements of our infomration security framework are described below:
Our systems and internal processes continually seek to align with the ISO 27001 globally recognised standards.
Our cloud based platform is hosted in an Amazon Web Services (AWS) environment. AWS is a globally recognised business and is ISO 27001 certified.
We work with accredited third parties to perform penetration testing, and to seek any relevant industry advice to ensure that activities in respect to Information Security continue to align with market standards and consumer expectations.
All Timing Solutions employees are required to have a Working with Children’s Check (WWCC)
The data on our platform can only be accessed via verified user access details such that our customers will only have access to their own / their organisations information.
In the event of a data breach, Timing Solutions has procedures in place to contain and assess the issue, and to notify impacted customers. If personally identifiable information is included in the breach, then appropriate steps will be taken per the Notifiable Data Breach (NDB) scheme and the Privacy Act.
Please refer to appendix: Timing Solutions’ Data Breach Response Summary
Information in regards to NDB and the Privacy Act can be found here https://www.oaic.gov.au/privacy/guidance-and-advice/data-breach-preparation-and-response
Personal Information will be retained on our platform to assist with the efficient recurring usage of the product by our customers (for instance, between one sporting season to the next), and to allow our customers to retain their access to their information (such as sports event results history) in a secure fashion. If requested by a customer the personally identifiable information can be deleted. Information will also be proactively and securely deleted by Timing Solutions if it is deemed to be not of use to that customer.
If you would like to access, review, update, rectify, or delete any Personal Information we hold about you, or exercise any other data subject right available to you under the Australian Privacy Act 1988, please contact us at privacy@timingsolutions.com.au. Our privacy team will examine your request and respond to you as quickly as possible. Upon your request, Timing Solutions, when acting as Data Controller, will deactivate your account or delete your Personal Information.
Appendix: timing solutions’ data breach response summary:
Step 1: contain the breach
Notify the Privacy Officer and Senior Leadership Team who may convene the data breach response team.
Immediately contain breach:
IT to implement the Incident Response Plan if necessary.
Building security to be alerted if necessary.
Consider whether other parties need to be advised.
Consider whether team needs other expertise
Inform the Board of Directors as soon as possible; provide ongoing updates on key developments.
Ensure evidence is preserved that may be valuable in determining the cause of the breach, or allowing Timing Solutions to take appropriate corrective action.
Consider a communications strategy to manage customer expectations.
Step 2: assess the risks for individuals associated with the breach
Conduct initial investigation, and collect information about the breach promptly, including:
the date, time, duration, and location of the breach
the type of personal information involved in the breach
how the breach was discovered and by whom
the cause and extent of the breach
a list of the affected individuals, or possible affected individuals
the risk of serious harm to the affected individuals
the risk of other harms
Determine whether the context of the information is important.
Establish the cause and extent of the breach.
Assess priorities and risks based on what is known.
Keep appropriate records of the suspected breach and actions of the response team, including the steps taken to rectify the situation and the decisions made.
Step 3: consider breach notification
Determine who needs to be made aware of the breach (internally and potentially externally) at this preliminary stage.
Determine whether and how to notify affected individuals. Is the breach likely to result in serious harm to any of the individuals to whom the information relates and whether Timing Solutions has been able to prevent the likely risk of serious harm through remedial action. In some cases, it may be appropriate to notify the affected individuals immediately, e.g., where there is a high level of risk of serious harm to affected individuals.
Consider whether others should be notified, police/law enforcement or other agencies or organisations affected by the breach or can assist in containing the breach or assisting individuals affected by the breach. The Privacy Act requires certain entities to notify individuals and the Commissioner about data breaches that are likely to cause serious harm
Step 4: review the incident and take action to prevent future breaches
Fully investigate the cause of the breach.
Implement a strategy to identify and address any weaknesses in data handling that contributed to the breach.
Conduct a post-breach review and report to the Board of Directors on outcomes and recommendations:
Update security and response plan if necessary.
Make appropriate changes to policies and procedures if necessary.
Revise staff training practices if necessary.
Consider the option of an audit to ensure necessary outcomes are affected
If you have any questions or concerns regarding our Privacy Policy, please send a detailed message to
privacy@timingsolutions.com.au.