Data Security Policy

Data Security

Effective Date: August 3, 2025

ISOweld, operated by Damien Crane (ABN: 50 803 660 487), is designed to support the secure management of compliance, operational, and business-critical data. This Data Security Policy describes the general security measures, responsibilities, and limitations applicable to the Platform. It should be read together with the Privacy Policy, Terms of Use, Third-Party Services & Integrations, Data Processing Agreement, and Security & Compliance.

1. Security Framework

ISOweld applies a layered security approach intended to reduce risk and support secure service delivery. Depending on configuration, this may include:

  • role-based access control to restrict permissions by user role and business need;
  • session management controls, including inactivity timeouts and session refresh practices;
  • authentication protections designed to limit unauthorised access;
  • input validation and sanitisation practices to reduce the risk of malicious input;
  • prepared statements and structured database access methods;
  • logging and traceability for key user actions and record changes;
  • secure transmission over HTTPS/TLS where properly configured.

2. Audit Logging and Traceability

ISOweld supports traceability by recording selected system activities and record events. Depending on module configuration, logs may include:

  • user identifiers and timestamps;
  • create, edit, approve, reject, upload, and delete actions;
  • changes affecting certifications, qualifications, inductions, equipment, tooling, jobs, documents, and sign-ins;
  • record references used to support audit evidence and internal review.

These controls are intended to support accountability, document control, and audit readiness. They do not remove the customer’s responsibility to maintain appropriate internal procedures and supervision.

3. Data Storage and Hosting

Customer data may be stored using one or more of the following arrangements, depending on the feature and system configuration:

  • local platform storage on ISOweld-managed systems;
  • Microsoft SharePoint / Microsoft 365 storage for document control and collaboration;
  • hybrid storage where different classes of data are stored in different systems.

Where Microsoft SharePoint integration is enabled, documents and files may be stored on Microsoft-managed cloud infrastructure and become subject to Microsoft’s technical, security, and retention controls.

4. Data Retention and Recovery

ISOweld is designed to support business record retention and traceability. However, retention periods, deletion outcomes, and recovery capabilities may vary depending on system settings, user actions, and third-party storage arrangements.

  • Audit logs may be retained for extended periods to support compliance and investigation requirements.
  • Active operational records may remain available while accounts or services remain active.
  • Deleted content may not always be recoverable, particularly where deletion occurs through third-party systems or customer-controlled storage.

5. User Responsibilities

Security is a shared responsibility. Users and customers are responsible for:

  • keeping login credentials confidential and secure;
  • ensuring devices used to access ISOweld are reasonably protected;
  • assigning roles and permissions appropriately within their organisation;
  • reviewing data for accuracy and correcting errors promptly;
  • using lawful, secure, and appropriate data handling practices;
  • notifying ISOweld promptly of suspected unauthorised access or security concerns.

6. Third-Party Systems and Integrations

ISOweld may rely on third-party services including Microsoft SharePoint, OpenAI, Google Maps Platform, ClickUp, and WorkflowMax2. These providers maintain separate systems, policies, and controls. ISOweld does not control their internal infrastructure, service availability, or data handling decisions once information is transmitted to their systems.

7. Security Incident Response

If a suspected security incident is identified, ISOweld may take reasonable steps to investigate, contain, and respond to the issue. Depending on the circumstances, this may include:

  • restricting access to affected systems or accounts;
  • reviewing logs and related records;
  • working with relevant third-party providers where external systems are involved;
  • communicating with affected customers where required by law or contract.

Any notification obligations remain subject to applicable law, available evidence, and the extent of control ISOweld has over the affected systems.

8. Standards and Compliance Alignment

ISOweld is developed with attention to quality, traceability, documented information control, and secure handling of records. References to standards or principles are intended to describe design alignment and operational intent. Unless expressly stated in a signed agreement, they do not constitute a representation that ISOweld itself holds independent certification to a specific information security standard.

9. Limitation of Liability

To the fullest extent permitted by Australian law, Damien Crane is not liable for security incidents, losses, damages, or business consequences arising from or connected with:

  • customer misconfiguration, weak credential practices, or user negligence;
  • malware, cyberattacks, phishing, ransomware, or unauthorised third-party activity;
  • downtime, service degradation, or infrastructure failures;
  • data loss, corruption, delayed synchronisation, or deletion events;
  • issues occurring within Microsoft SharePoint, Microsoft 365, or other third-party systems;
  • actions taken by users with valid credentials or assigned permissions.

10. Continuous Improvement

Security practices may be reviewed and updated from time to time to reflect evolving risks, business needs, infrastructure changes, and platform development priorities.

11. Changes to This Policy

We may update this policy at any time, with changes published at https://isoweld.damocrane.com/data-security.php and an updated effective date.

12. Contact Us

For data security questions, contact:

Damien Crane
Sole Trader, ISOweld
support@isoweld.damocrane.com
0498251470
New South Wales, Australia