This document provides detail on the Data Privacy and Security Policies (DDPSP) for DyCom Group and its various entities.
Security and integrity of our clients business information and data is of paramount importance to us and we ensure this in the following ways that are outlined in this document :
DyCom Group consists of a number of registered Australian companies providing services to our clients in Australia. We have both onshore and offshore staff, however responsibility for our work and our team lies with the Australian entities.
DyCom uses a ‘layered’ approach to presenting the organisations Data Security and Privacy policies.
The detailed Policy provides more detail on all components of the full policy.
Individual DyCom entities have different requirements for data security and privacy. Privacy and Data Security documents are tailored for each entity as required by the types of client and information being handled.
The first step in defining the management of personal information is to identify the type of personal information that DyCom Group and its entities have access to. DyCom Group is primary a combination of individual entities providing technical and back office services to their clients.
DyCom has two key requirements to either store or access our clients personal information:
We provide a wide range of support and professional services to our clients. In providing these services we deal directly with staff of our clients and as such we collect basic personal information such as Company Name, Contact Name, Contact Phone numbers and Email addresses. This information is stored on our service management system located in Australia.
Access to this database is controller through a centrally managed password system (MYKI) and staff do not have access to passwords. If and when staff leave the organisation, access to this database is automatically terminated.
There are times where our staff require access to client information systems and applications such client accounting systems, service management systems and websites that that we are developing.
DyCom Group and all its members do not keep any personal information from these systems on any of its servers or local desktop or notebook computers. All client personal information is maintained on servers or databases under client control.
In situations where clients personal information is particularly sensitive we have the following systems that can be applied as required :
Staff working on these sensitive systems are provided with thin client terminals that have no accessible ports or hard drives.
Staff terminals in these situations are centrally managed and monitored using Kaseya which is our Remote Management Tool for InfoTech Service management.
We use and recommend the use of Myki which is a centrally controlled password Management system. Passwords are fully encrypted and staff require a special authentication process to
More information is available from the Myki Website : https://myki.com/app/
We also use and recommend the Myki two factor authentication systems where appropriate.
The only personal information we collect is information related to clients requiring our professional services. This information includes the following :
This information is stored in our Service Management portal Connectwise. Connectwise is located on servers in Australian data centres and had encrypted access with a centrally managed password control system.
The information is collected in one of two ways :
Our clients can send through the information via email and our team will enter it directly into our Service Management Portal.
Our client can provide the required information to our office staff over the phone. This will be entered directly into our service management portal.
Information held by DyCom is kept within our Service Management portal. This information is not available publicly and can be accessed by clients who have been giving remote access if required. A client may be able to correct personal information through the portal or may request one of our team to correct either by submitting a service request by email or direct phone call to our team.
In the event that one of our Privacy Policies is breached, complaints may be made by phone or preferably by sending an Urgent Service request to firstname.lastname@example.org
Complaints like this will go into an urgent service queue and be dealt with immediately.
DyCom employs staff from Australia and the Philippines. We have three key ways of ensuring data security, privacy and integrity when our offshore team are involved :
Two of the DyCom entities (DyCom Technology and DyCom SmartStaff) specialise in IT systems and Cyber Security solutions and we have up to date, monitored and comprehensive IT Security solutions that are applied across the group.
DyCom have strict policies when it comes to dealing with client information and we ensure that our staff read, understand and sign off on these policies.
DyCom has been in business since 1989 and we pride ourselves on the culture of integrity that we have developed of the past 30 years. All our staff, local and offshore are trained and nurtured in this culture and we run regular workshops to ensure that this is ingrained into our team members.
Our team in the Philippines are all full-time staff and are carefully and diligently selected as described in our ‘Staff Selection Process’ later in this document.
Contact details required for service management. These details are only required for staff of clients who will be submitting service requests and the nature of the personal information is quite basic and relatively low risk. It includes the information outlined below :
There are times that our staff need to access client information systems that include personal information. This might be for the purpose or providing services using client applications such as accounting systems or for doing development work on client systems such as websites or IT infrastructure. In these cases, our clients control the access to the personal information.
There is no personal data or information that is kept offshore. All information is located on servers in Australia.
Our offshore team are subject to the same non-disclosure policies that our local staff are and we ensure that access to personal information is controlled through our IT systems data security systems and policies.
One of the DyCom Group of companies is our network integration business DyCom Technology which was founded in 1989 and has significant expertise in data security. All data is located on our client’s network or in one of our secure data centres and access to and from data is fully encrypted.
Reasonable steps should include, where relevant, taking steps and implementing strategies in relation to the following:
All staff have centrally managed Anti-Virus, Anti-Spam and Anti-Malware setup on their local desktop or notebook computers.
The Cyber Security systems we use on our servers, desktops, workstations and Notebook computers is Webroot.
DyCom has adopted a centrally controlled password management system. This ensures integrity of passwords. We encourage our clients use this system on sensitive data.
Myki : Myki.com
For sensitive data and websites DyCom has a Multi-Factor Authentication system that we recommend and use.
We use and recommend VPN connections where possible and appropriate.
Loss may also occur as a result of theft following unauthorised access or modification of personal information or as a result of natural disasters such as floods, fires or power outages.
Selecting the right staff is one of the most important things we do. Our remuneration and benefits are amongst the best in the industry and consequently we attract the best people. We still have a very rigorous selection process and for every successful posting there are between 200 and 300 applicants that are screened. All staff have NBI (National Bureau of Investigation) Security clearance and have excellent references and backgrounds.
This first stage starts with a basic review of the resumes and we select only those who pass our requirements for the position. This includes things like Years of experience, type of experience and references. This process generally narrows the list of applicants down to around 30.
All Philippines staff are required to get National Bureau of Investigation clearance. This is a rigorous integrity and criminal checkup. It is very difficult and time consuming to get this clearance and staff protect it. In addition to this we also require Barangay clearance which is local council behavioural assessment.
This recorded interview takes around than 10 minutes and has 5 to 10 personality questions and 5 to 10 technical questions. This process generally narrows the selection down to between 10 and 12 prospects.
For candidates who need to deal directly with clients, verbal communication skills are important. For those who pass the recorded interview, the recording is passed onto a senior staff member for assessment. This generally narrows the field down to around 5.
The next part of the process could be a recorded technical test. This should really be designed to be less than 10 minutes.
These final candidates can be interviewed by a team leader which will hopefully get the list down to 3 or less
Final interviews are conducted by senior staff members and generally the selected candidate stands out.
DyCom Group and its entities employ staff in Australia and the Philippines. Our DyCom Group consists of a number of registered Australian companies providing services to our clients in Australia. We have both onshore and offshore staff, however responsibility for our work and our team lies with the Australian entities.