Data security

1. Technology controls

• LoanQ uses secure infrastructure hosted and protected by AWS firewalls. All AWS infrastructure in use is located in Australia.
• LoanQ utilises continuous Vulnerability Management and Web Application Scanning by Qualys. This solution provides near real-time network and external attack monitoring functionality.
• All of our workstations and network are protected using data encryption.

2. Management controls

• LoanQ uses a majority of services and integrations linked with Salestrekker CRM. Salestrekker has a SOC 2 accreditation in place. This accreditation documents extensive management controls in place. LoanQ is committed to obtaining a similar internationally recognised accreditation in FY2023.
• LoanQ undertakes annual penetration testing, resulting in periodic reviews and management of any existing or potential vulnerabilities.
• We utilise password controls using LastPass, mandated multi-factor authentication and enforced complex password policies.
• LoanQ has an active business continuity plan and a risk management plan in place. These are designed to manage ongoing risks and to provide business protection in situations where the loss of control might occur (e.g. natural disasters, technology breakdowns, etc).

3. Human controls

• All of our staff are security checked prior to joining our team.
• Our staff undergo extensive induction and scheduled ongoing training.
• All LoanQ staff are sufficiently supervised.
• LoanQ teams utilise secure monitored premises, and when working remotely, our devices are protected using Sophos endpoint security.