
Compliance & Information Security Policy

Befree Pty. Ltd. (ABN: 20 120 830 784) and its related bodies corporate or affiliates are referred to in this document as "we", "us" or "our". Our facilities adhere to various applicable global security, health and safety standards. In addition, we have the ability to scale up rapidly depending on project requirements. Our secure delivery centres are equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.

 

Our delivery centers are ISO 27001 ISMS certified. This means key parts of our offices and systems that handle data are on par with international best practices for information security management. We have both physical and non-physical controls to ensure our company and client data are not compromised. Our back-office staff overseas are trained on security protocols and we continuously run educational sessions to keep abreast of various threats within our industry.


Physical Controls at Our Offices

We have implemented the following security measures at our physical locations:

  • Biometric scanners are required to enter our offices.
  • Only authorised personnel are allowed to enter our offices and data processing centre.
  • Physical documents, books and other devices are prohibited in our data processing centre.
  • Our offices are monitored by CCTV.
  • Our staff do not permanently save and store data on their PC, but instead on our secure servers (see below).
  • CD-ROM and other drives (USB) are disabled on all systems.
  • Our staff do not use physical/removable drives (such as external hard drives).
  • Printers and scanners are not available to staff within the data processing centre.
  • Staff are required to keep personal belongings (including bags, books or mobile devices) in secure lockers provided outside the main data processing centre.

Non-Physical Controls on Our Servers

We have implemented the following security measures on our servers:

  • Our delivery centers are ISO 27001 ISMS certified.
  • We use technologies and platforms such as Google, Amazon, UiPath, and Acronis, which may have clusters of servers across the world and may also collect and hold your personal information overseas across a large number of countries.
  • All our delivery centres are equipped with a NextGen firewall, which offers security measures including intrusion prevention, web filtering, zero-day protection and sandboxing.
  • All delivery centres have access to a minimum of two internet service providers, to ensure business continuity.
  • All our endpoints and servers benefit from antivirus software, which offers security measures including intrusion prevention and detection, anti-phishing, anti-malware, and firewall and browsing protection.
  • All our servers are geofenced and can be accessed only from our delivery centres.
  • All critical infrastructure including data is backed up regularly.
  • Access to internal data is controlled and only legitimate users are given access via service requests and approvals. 
  • Our service providers and partners are engaged under strict non-disclosure agreements and service level agreements, to ensure adequate support.
  • We execute restoration tests every quarter to ensure all backed up data can be restored successfully.
  • We run business continuity and disaster recovery drills twice per year, to ensure there is no impact on our business operations in case of any disaster at any of our delivery centres. 
  • All our endpoints and servers are patched regularly and hardened to ensure security standards are maintained.
  • We perform external vulnerability assessment and penetration testing for all our critical portals and websites, to ensure optimum security against any cyber threats.
  • Internet activity is monitored and controlled within the server environment.
  • Our staff are restricted from accessing personal email accounts within the office network, and work email accounts are configured to prevent sending data outside the office network. 
  • Our intranet, internal portals, software and sites have IP authentication in place so that no one can access these records outside our office premises.
  • Users access the systems via secure SSO (Single Sign-On) access. Credentials are safely stored in the vault and not shared with users. Internal software access is password-protected with enforced strength and regular update requirements.
  • Our security software is regularly updated with the latest definition signatures in accordance with the security device OEM (Original Equipment Manufacturer) guidelines.
  • All PCs within our organisation have an auto-lock feature to ensure PCs are not kept unlocked.
  • Network connections are permitted only for Befree’s authorized official devices.
  • We allow staff to work remotely from time to time. We make sure that staff exclusively work on the computer systems provided by the office and exclusively use the VPN when working and accessing our servers.

Servers and Support

Our servers are located in Australia and overseas, including in Singapore, the UK and India. Our service level agreement (SLA) with the server provider ensures the following:

  • A minimum of 99.00% uptime.
  • All servers are protected by a NextGen firewall, which provides a fully redundant stateful failover during an outage, to ensure the highest security and reliability.
  • On-site and off-site continuous data protection services, to ensure our data is protected 24/7.
  • 24/7 support from our server provider.

Training and Education

  • All staff must sign a confidentiality agreement and comply with our security protocol relating to data, client information and business insights.
  • All staff have a duty to report any breach immediately so the appropriate action can be taken.
  • All staff must not share information outside the organisation. If the information is shared within our team, it must only be in reference to completing the work.
  • We deliver a Cyber Security Awareness Program via email to all our employees.
  • We conduct yearly Cyber Law Sessions for all our employees.
  • All our employees undergo yearly ISO 27001 ISMS training, followed by an exam.

We believe we have taken strict measures to ensure maximum security and protection of both our company and clients’ data. If you have any questions regarding our risk parameters, please feel free to contact us at info@befree.com.au, and we would be more than happy to discuss them.

Note: Existing clients whose Statement of Work (SOW) was signed prior to 31st May 2026 may contact us using the details above to request a copy of the compliance and information security policy applicable at the time of signing.