We understand that information and data security is a key risk to our client funds and are committed to protecting client information by implementing appropriate security controls across our IT services and associated information technology ecosystem. We understand that effective management of cyber and information security risk is fundamental to the successful delivery, operations and management of services to our client funds.
We have obtained certification for the ISO/IEC 27001:2022 Standard “Information security, cybersecurity and privacy protection—Information security management systems—Requirements”, with the most recent certificate being issued on 27th March 2025. Our ISO certification is renewed annually.
Our clients are central to the scope of our certification, with the following scope statement appearing on our certificate, which is available upon request:
The Information Security Management System applies to the Information Assets and related technology containing, or used to access, consumer information which IFS may obtain during the delivery of services to its clients.
We do not offshore any of our services. All data managed or controlled by IFS, including client data and back-up facilities, is securely held within Australia.
We undertake independent internal audits of our ISMS on an annual basis to ensure ongoing adherence to the ISO/IEC 27001 standard. The results of these audits are reported to our Board and the Audit, Risk & Compliance Committee.
We conduct annual penetration testing of our network, in partnership with specialist cybersecurity providers, to ensure a continuous cycle of improvement in our cybersecurity posture.
We deploy industry-leading cybersecurity technology to ensure a layered approach to cybersecurity. This includes, but is not limited to:
Perimeter protection: firewalls, web and email filtering and private data links
Access control: two-factor authentication, zero-trust endpoint connection
Data protection: data sovereignty, cryptography, data loss protection controls
Network monitoring: threat detection & logging, continuous vulnerability scanning, anti-virus
Third-party risk assessments: annual assessments of our key suppliers and continuous monitoring via the UpGuard platform
Our people: onboarding & background checks, security awareness training, continuous email security training
Disaster recovery: third-party cloud back-ups, annual BCP & DR testing, broad cyber insurance