Security policies for ultimate data protection

We value our clients' trust in providing access to their data, websites, and premises, and we prioritise this trust. Our robust security policies include personnel vetting, new employee induction, staff training, onsite and remote physical security, and cloud data security measures.

Steve Barnard, our Managing Director, oversees our privacy and security policies, while Technical Director James Guthrie, a Certified Information Security Technologist, implements and monitors our privacy and security procedures.

Our expertise

Personnel vetting and new employee induction

We have a contract with the NZ Ministry of Justice for Online Delivery of Criminal Conviction Histories to vet new employees. These checks are refreshed annually, with outcomes recorded in our HR records. Our multi-step selection process ensures new employees understand and commit to Pikselin's security policies before starting their employment.

Remote, cloud and data security

We have robust cloud and remote work security measures, such as strict laptop security protocols, policies against using public Wi-Fi for sensitive tasks, rules safeguarding client data, stringent access and authentication policies, and thorough access logging. Preventing unauthorised access to physical devices and cloud services is central to our data security strategy.

Office security

We have extensive on-site physical security arrangements, including electronic door locks which only authorised staff can unlock, monitored after-hours swipe card access and security cameras.

Multi-factor authentication

All the data storage and transfer solutions used by Pikselin are protected by multi-factor authentication. These include our document storage, email, and CMS solutions.

Security audit

External security consultant SEQA has conducted a security audit for Pikselin covering:

  • Cyber Security Readiness – an assessment of Pikselin against the top 10 most relevant security controls, considering best practices such as NZISM, PSR, NIST, ASD and CERTNZ.
  • Internet Threat Assessment – a high-level technical assessment of Pikselin’s internet-facing website and infrastructure from an unauthenticated user’s perspective.
  • Physical Security Audit – an assessment of the physical systems and processes designed to prevent unauthorised access to facilities and systems.

After SEQA presented its audit findings, Pikselin instituted a continuous improvement program which is regularly reviewed.

Staff training

We use a formal training framework provided by external security consultant SEQA that includes secure coding practice and quality assurance processes. All Pikselin web developers undertake an OWASP security course to learn techniques to mitigate some of the most common online security issues.