Taking care of your data
myWorksites Security
Road corridor data is critical infrastructure data. Permit applications, traffic management plans, network schedules, contractor details — this information touches real-world operations and belongs to the authorities who are accountable for their networks.
myWorksites is built with security as a core requirement. Here is how we protect your data.
ISO 27001 Certified
myWorksites holds ISO 27001 certification, the internationally recognised standard for information security management. Certification means our security controls, policies, and processes have been independently audited and verified — not just documented.
ISO 27001 covers the full scope of how we manage information security: risk assessment and treatment, access controls, incident response, business continuity, and ongoing improvement. We maintain this certification through annual surveillance audits conducted by an accredited certification body.
A copy of our current certificate is available on request.
Independent Penetration Testing
We commission independent penetration tests of the myWorksites platform on a regular basis. These tests are conducted by specialist security firms and cover application-layer vulnerabilities, authentication controls, and data access paths.
Findings are reviewed and remediated as a priority. We do not wait for the next scheduled test to address issues.
An attestation of our most recent penetration test is available on request.
Data Hosting and Infrastructure
myWorksites is hosted on Amazon Web Services (AWS) infrastructure in Australia and New Zealand. Your data stays within Australia and New Zealand and is not processed or stored outside those countries.
We operate a monitored environment with network segmentation, regular patching cycles, and continuous security monitoring.
Access Controls
Access to myWorksites is controlled at the organisation level. Each organisation manages its own users and permissions, and access is scoped to what each user needs. There is no cross-organisation visibility of data unless explicitly configured.
myWorksites supports:
- Single Sign-On via Microsoft Entra (formerly Azure AD) and Google OAuth
- Role-based access control, configured per organisation
- Organisation-level data separation
- User invitation and permission management by your own administrators
Data Protection
All data transmitted to and from myWorksites is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256.
Incident Response
We maintain a documented incident response process covering detection, containment, investigation, and notification. In the event of a confirmed data breach affecting customer data, we will notify affected organisations promptly and in accordance with New Zealand privacy obligations under the Privacy Act 2020.
Business Continuity
myWorksites operates with automated backups, failover capability, and defined recovery objectives to minimise disruption to critical operations. Specific SLA commitments and recovery time targets are set out in our service agreements.
Responsible Disclosure
If you believe you have found a security vulnerability in myWorksites, please contact us before disclosing it publicly. We will acknowledge your report, investigate promptly, and keep you informed of progress.
Contact: security@myworksites.com
We will not take legal action against researchers who report vulnerabilities in good faith and act in accordance with this policy.
Questions
For security-related enquiries, contact security@myworksites.com or get in touch through the myWorksites help centre.