Pushworth On Line Security Policy

1. Purpose

The purpose of this Policy is to establish the security, governance and operational standards that protect the confidentiality, integrity and availability of all information processed through the Pushworth Marketplace™.
This Policy applies to every person granted access to any Pushworth digital platform including Employees, Contractors, Venue Clients, Suppliers, Administrators and authorised third-party service providers.
It supports compliance with:
Privacy Act 1988 (Cth)
Australian Privacy Principles
Notifiable Data Breaches Scheme
Copyright Act 1968
Spam Act 2003
Electronic Transactions legislation
other applicable Australian legislation.

2. Scope

This Policy applies to every Pushworth digital platform including:
Pushworth Marketplace™
Pushworth Live™Super.Live™
WebsiteClient Portal
Supplier Portal
Mobile Applications
API Integrations
Google Workspace
Xero
ClickUp
Slack
Canva
Pushworth WikiCloud
Storage
Backup Systems

3. Security Principles

Pushworth is committed to:
Confidentiality
Integrity
Availability
Accountability
Least Privilege Access
Defence in Depth
Continuous Improvement

4. Information Classification

Introduce four classifications:
Restricted
Examples:
TFNs
Super Fund Details
Banking
Contracts
Identity Verification
Payment Files

Confidential
Customer Information
Supplier Information
Calendar
Data
Reports

Internal
Policies
Procedures
Training

Public
Marketing Assets
Websites
Social Media

5. User Authentication

Every account must:
have an individual login
use a strong password
never be shared
be removed immediately upon termination
Recommend MFA.

6. Access Control

Role Based Access Control.
Examples:
Venue Administrator
Venue User
Booker
Accounts
Marketing
Supplier
Director
Developer
Support
Every permission documented.

7. Portal Security

Much stronger than 2025.Include:
HTTPS
TLS
Encrypted Passwords
Secure Cookies
Session Timeouts
Automatic Logout
Password Reset
Account Lockout
Audit Logging

8. Super.Live

New section.State that Pushworth stores:
Super FundMembership
USI
TFN (where required)
Payment HistoryE
xplain:only used for Super.Live administration.

9. Threat Management

Include the threat model you prepared.
Protect against:
Credential stuffing
SQL
Injection
Cross Site Scripting
IDOR
Phishing
Session Hijacking
Bot Scraping
Malware
Social Engineering
Ransomware

10. Upload Security

Virus scanning
File validation
Maximum file size
Allowed formats
Secure storage

11. Monitoring

Authentication logs
Download logs
Audit trail
Rate limiting
Intrusion monitoring

12. Incident Response

Immediate reporting.
Contain.
Investigate.
Recover.
Review.
Notify OAIC where required.

13. Data Retention

Financial
Contracts
Insurance
Super.Live Audit
Portal Accounts
Archived Users
Deletion schedule.

14. Third Party Providers

List:
Google
Xero
ClickUp
Cloudflare (if used)
HostingPayment gateways
State:
Pushworth only uses providers that maintain appropriate security standards.

15. AI

AI assists
Humans decide.
No automated legal decisions.
No automated financial decisions.
No automated contract approvals.

16. User Responsibilities

Venues.
Artists.
Bookers.
Employees.
Directors.
Developers.

17. Compliance

Annual review.
Penetration testing.
Access review.
Incident review.
Continuous improvement.

18. Acknowledgement

All users acknowledge this Policy by accepting the Pushworth Portal Terms of Use and, where applicable, through employment, contractor or onboarding agreements.