QED Group Information Security Statement
This statement concerns the security of all data held by the QED Group of companies, comprising QED Risk Services, QED Credit Services (Pursuit Broker Services) and CompliFast. The following should be read in conjunction with our Group privacy statement.
For the services that the Group provides to its clients, there is a lot of data of many types that is held in our systems. This includes personal information on our clients and a lot of very sensitive personal data of our clients' clients. Depending on the start-point of our relationship with our clients, a lot of information concerning the client's particulars and information about their business will be held on our office storage systems and this is all kept on Microsoft Sharepoint servers. A limited amount of this data is held locally on individual computers. This data is purged regularly so that only the most recently used data is held locally. Nonetheless, those individual machines are encrypted and password protected.
The largest body of data we hold is in our CompliFast system. The web server that hosts the CompliFast application is housed at a facility called Equinix in Sydney. However, any data that is uploaded to CompliFast passes through the web server and is stored in two separate Microsoft Azure servers in Australia.
Access to our data is stress-tested at least once per year by an alternating number of providers, including Cyber CX. Penetration testers first try to access our systems without any credentials. Next, they are provided with a login to CompliFast to access the system legitimately and see if they can "move sideways", gaining access to data that they are not permitted to access - e.g. the data of other CompliFast users and their client data. To date, this testing has never detected any issues other than small, administrative practices, which were addressed immediately by our Team.
Finally, any business's largest vulnerability - its people - require regular updates on trends and reminders on how they must and must not behave in relation to our systems. The QED Group Team has a reminder session at least 6-monthly on all the practices that relate to their role in the Group to ensure that they never, mistakenly allow other parties to gain access to any of our systems.
In the extremely unlikely event that there was ever some kind of data event, we have detailed procedures for closing down the problem, investigating and evaluating the event and making the appropriate disclosures in the shortest amount of time. As an absolute last resort - one that we hope to never use - QED Group does have a cyber loss insurance policy for your protection.
Putting all this together, anyone that has any involvement with QED Group and its systems and Team can be assured that their personal data and that of their clients is held in the most secure manner possible and is safe and secure with us.
25 September 2025