Information and data security is a critical focal point when working with super funds. Therefore, we are committed to protecting client information by implementing appropriate security controls across our IT services and associated information technology ecosystem. We understand that effective management of cyber and information security risk is fundamental to the successful delivery, operations and management of services to our client funds.
We have obtained certification for the ISO/IEC 27001:2022 Standard “Information security, cyber security and privacy protection—Information security management systems—Requirements.”, with the most recent certificate being issued on 27th March 2025.
We undertake independent internal audits of our ISMS on an annual basis to ensure ongoing adherence to the ISO27001 standard. The results of these audits are reported to our Board and the Audit, Risk & Compliance Committee.
We conduct annual penetration testing of our network, in partnership with specialist cybersecurity providers, to ensure a continuous cycle of improvement in our cyber security posture.
We deploy industry leading cyber security technology to ensure a layered approach to cyber security. This includes but is not limited to:
Perimeter protection: firewalls, web and email filtering and private data links
Access control: two factor authentication, zero trust end-point connection
Data protection: data sovereignty, cryptography, data loss protection controls
Network monitoring: threat detection & logging, continuous vulnerability scanning, anti-virus
Third party risk assessments: annual assessments of our key suppliers and continuous monitoring via the UpGuard platform
Our People: onboarding & background checks, security awareness training, continuous email security training
Disaster recovery: third party cloud back-ups, annual BCP & DR testing, broad cyber insurance
We outsource the management and security monitoring of the IFS Network (Azure & AWS) to Material Service Providers (MSP) with monitoring and supervision of these parties subject to the controls set out in our Outsourcing Policy. We rely on trusted third party cyber security experts to provide ongoing cyber security assessments of IFS’s network environment. We utilise a suite of Software as a Service (SaaS) applications, including services utilised by our clients. These SaaS are described in the table below. Each Material Service Provider is required to provide an annual attestation regarding compliance with CPS234.
