Realtime Conveyancer User Security Policy

1. Scope of this policy

To maintain the overall security of the conveyancing ecosystem, the Realtime Conveyancer User Security Policy sets out the security requirements that organisations must ensure that they and their users adhere to when using Realtime Conveyancer’s Service.

2. Key user guidelines

2.1 General

2.1.1 Systems Security

The user must take all prudent and reasonable steps to:

(a) ensure that all of its systems and facilities which they use to access the Service are protected by the Logical Security measures set out in section 2.2 of this Policy and the Physical Security measures set out in section 2.3 of this Policy;

(b) prevent unauthorised access, damage, or interference to Realtime Conveyancer’s electronic systems, by any person employed or engaged by the organisation; or through any systems or access points owned or controlled by the organisation and through which the organisation can connect to Realtime Conveyancer’s Service.

(c) ensure the integrity and confidentiality of information retrieved and/or received from and/or supplied to Realtime Conveyancer and its Service.

The user must, immediately upon becoming aware, notify Realtime Conveyancer of any breach or suspected breach of these guidelines and, to the extent permissible, of the security measures taken to address or mitigate the breach and any potential future breaches of a similar type, method or process.

2.1.2 Supported browsers and devices

The preferred browser for accessing the Realtime Conveyancer Service is Google Chrome, followed by Firefox. The Service also supports the use of tablet and smartphone access.

2.1.3 Loss Mitigation

Users must, immediately upon becoming aware of any theft, unauthorised disclosure or improper use of credentials, ensure that they implement appropriate measures to mitigate any loss that may arise as a result of such theft, unauthorised disclosure or improper use.

2.2 Requirements to access the Realtime Conveyancer Service (Logical Security Measures)

2.2.1 Virus and Firewall Protection

Viruses (and malware) are forms of malicious software introduced into an electronic device with the malicious intent of causing harm to the IT systems to compromise the confidentiality, integrity or availability of any related IT system or data held on these systems.

The user must take prudent and reasonable steps to provide virus and firewall protection against any unauthorised intrusions or uncontrolled access to the systems and access points of the user through which the user may access the Realtime Conveyancer Service (regardless of whether such access occurs by means of the Internet or some other electronic form of communication). The user must ensure that its virus and firewall protection must have, at a minimum, the following attributes:

  • the ability to identify and remove viruses;
  • the ability to identify and remove other types of harmful computer software, generally referred to as malware (or malicious software);
  • the ability to automatically receive antivirus updates from the relevant antivirus software vendors;
  • the ability to automatically scan for viruses and malware in documents on servers and workstations; and
  • the ability to provide firewall protection either as a standalone device, or on the router and on the built-in software on the device.

Users must ensure that the commercially available antivirus and firewall software in use meets the criteria set out above. Without limitation, Realtime Conveyancer has identified the following antivirus and firewall software vendors who provide products that meet these criteria:

  • Symantec;
  • McAfee;
  • Trend Micro;
  • Microsoft Defender;
  • Kaspersky Lab; and
  • Sophos.

Users must make their own enquiries and satisfy themselves that the software they obtain meets the criteria set out above. Realtime Conveyancer disclaims any liability arising in connection with the use of any antivirus and firewall software used.

If you require further assistance in respect of antivirus or firewall protection, please refer to
https://www.staysmartonline.gov.au.

Users are required to maintain the security of their computer systems and keep them up to date, including taking reasonable steps to install patches and operating system updates.

2.3 Protecting Security Items (Physical Security Measures)

2.3.1 Protecting Access Credentials

Organisations must ensure that they and their users follow the requirements as set out in Section 2.7 of this document.

2.3.2 Prevent Caching of Credentials

The user must ensure that the systems and applications provided and utilised by users are not configured to cache passwords, PINs or passphrases needed to access the Realtime Conveyancer Service. Realtime Conveyancer may deploy software to prevent users from caching passwords, PINs and passphrases.

2.4 Training and Monitoring

2.4.1 Compliance with and access to this Policy

Organisations must provide a copy of these guidelines to users prior to allowing them access to the Realtime Conveyancer Service. Users must take reasonable steps to ensure they understand and comply with these guidelines.

2.4.2 Monitoring

Users must take reasonable steps to monitor the usage of systems and activities of those who are accessing the Realtime Conveyancer Service to identify unusual or suspicious activities.

2.4.3 Training Obligation

Organisations must take reasonable steps to provide users with the training required to enable users to adhere with these guidelines.

2.5 Users

2.5.1 User access

Organisations must take reasonable steps to ensure that user profiles and access credentials are not shared between different users.

2.5.2 User management

Organisations must perform regular checks of its user profiles and, where applicable, de-activate inactive profiles. Organisations must regularly validate those details relating to each of its users to ensure they are correct.

2.5.3 Compromised Access Credentials

Organisations must immediately revoke a user’s access to the Realtime Conveyancer Service for any suspected or confirmed compromise of the credentials which they use to access the Realtime Conveyancer Service (“Access Credentials”).

2.5.4 Re-enabling Access

Organisations must only re-enable access to the Realtime Conveyancer Service after taking reasonable steps to mitigate the risk of the compromise recurring.

2.6 Revoking Authorisation

2.6.1 Access to the Realtime Conveyancer Service

When an organisation no longer wants a user to access the Realtime Conveyancer Service at all, or in a particular capacity (e.g. Signers and Administrators), then the organisation must promptly modify the user’s access privileges accordingly. Organisations must regularly (and in any event, at least annually) review access privileges granted to users. These access privileges must be promptly updated if they are no longer accurate.

2.7 Organisational Obligations

Organisations must comply, and must take reasonable steps to ensure that users comply, with the following requirements:

2.7.1 Protecting passwords

Organisations must make, and take reasonable steps to ensure users make, passwords as strong as possible. Passwords used to access the Realtime Conveyancer Service must be at least eight characters long and must contain a combination of all 4 of the following categories: upper case [A-Z] letters, lower case letters [a-z], numbers [0-9], and special characters [e.g., @#$%]. Username or personal details must not be used in passwords. Organisations must ensure that passwords, PINs and passphrases used in the Realtime Conveyancer Service by users are:

  • not disclosed to anyone, including a colleague, supervisor, family member or friend;
  • not disclosed to anyone whilst being entered into electronic equipment or systems;
  • immediately changed if the user becomes aware that a particular password, PIN or passphrase has become known or used by someone else;
  • not be closely associated with the user’s identity such that it may be easily guessed by others. This means avoiding the use of the user’s date of birth, name, phone numbers or similar items as passwords, passphrases or PINs; and
  • be different from other existing Access Credentials.

2.7.2 Reporting non-compliance

Organisations must take reasonable steps to ensure that users promptly report all suspected or actual breaches of these guidelines to the organisation.

3. Multi-factor Authentication

Users may be required to perform multi-factor authentication to access the Realtime Conveyancer Service or to perform certain actions within the Realtime Conveyancer Service. Realtime Conveyancer reserves the right to determine the method and frequency of multi-factor authentication, which may change from time to time.

4. Reporting Obligations

The organisation must, immediately upon becoming aware, notify Realtime Conveyancer of any breach of this Policy that may affect the Realtime Conveyancer Service or the integrity or security of the conveyancing ecosystem.

5. Ongoing Review of these guidelines

These guidelines may be reviewed and amended by Realtime Conveyancer as required from time to time.

Loading

Submitting form...
Please do not reload this page