
Data & Cyber Security Policy
Our Commitment to Protecting Your Information
At D.S Audit Services, we understand that protecting your information is critical to maintaining your trust. As a professional SMSF audit firm, we handle sensitive client and financial data every day — and we take that responsibility seriously.
We have implemented strict cyber security controls and industry best practices, and we are proud to be certified under the Accounting Data Security Standard (ADSS), a recognised benchmark for data protection in the accounting and audit profession.
Why Security Matters to Us
The nature of our work requires us to manage highly confidential information. In today’s digital environment, cyber threats and data breaches are constant risks. Our approach to security ensures your data is protected at every stage — from receipt and processing, to secure storage and final delivery.
Our ADSS certification demonstrates our commitment to applying robust controls, regular reviews, and independent verification of our practices.
Accounting Data Security Standard (ADSS) Certification
Our ADSS certification means:
- We meet strict security requirements for access control, encryption, and breach response.
- We follow best-practice protocols for handling accounting, audit, and SMSF data.
- You have the assurance of independent verification that your data is managed with integrity, confidentiality, and security.
Our Security Measures
1. Data Classification & Access Control
- We classify all data as Confidential, Internal, or Public.
- Access to client and SMSF audit files is restricted to authorised staff only.
- Multi-factor authentication (MFA) and role-based permissions are in place.
2. Encryption & Secure Storage
- All confidential data is encrypted both in transit and at rest.
- We use secure, Australian-based cloud infrastructure.
- Portable storage devices are encrypted or restricted from use.
3. Secure Communication
- No personal email accounts are used for client communication.
- Documents are shared via secure client portals or encrypted email services.
- Internal communication tools are monitored and access-controlled.
4. System & Network Protection
- All systems are kept up to date with the latest patches and security updates.
- We employ antivirus software, firewalls, and endpoint protection across all devices.
- Remote devices must meet strict security standards before accessing firm systems.
Training & Awareness
All staff complete annual cyber security training and are regularly updated on emerging risks such as phishing attacks, ransomware, and social engineering threats.
Incident Response
If a data breach is suspected or detected:
- We immediately activate our Incident Response Plan.
- We contain the breach and mitigate risks.
- We notify affected parties where required under the Notifiable Data Breaches (NDB) Scheme.
- We conduct a post-incident review to strengthen our defences.
Third-Party Security
We only partner with trusted IT and cloud service providers. All third parties:
- Sign confidentiality agreements.
- Must comply with our security requirements and relevant industry standards.
Ongoing Review
Our Data & Cyber Security Policy is reviewed annually or whenever there are significant changes in technology, regulation, or risk. Our ADSS certification, combined with compliance under ASQM 1 and ISO 9001, ensures our security measures remain strong and effective.