We understand your concerns regarding the security of your account and your data.
As per our privacy policy, we do send mobile notifications, marketing emails, newsletters, and invitations to our users to promote our services and free content (i.e., webinars and video series) but if you prefer not to receive any of those, you can always let us know and we will humbly unsubscribe your account so that you will not receive those kinds of promotions.
If you engage our parent company, Empower Wealth for their financial services such as mortgage broking, financial planning and tax accounting, we may disclose your personal information to prospective funders/lenders, lenders mortgage insurers, the ATO and credit reporting bodies or other intermediaries to ensure that we can deliver on our services.
In regards to your concern about security, the portal is secured with two options of 2-factor authentication to make sure that you and an authorized user can access your account securely. We currently employ Google Authenticator as well as an SMS authenticator to make sure that you can only log in to your account from a verified device and remove the risk of your account being hacked especially since you may have some sensitive information saved there.
Overview
Integrated Pathways Pty Ltd (parent company of Moorr and Empower Wealth Advisory services) is committed to the ongoing implementation, management and monitoring of security across the entire group of companies.
As an integrated business our goal is to facilitate and enhance security maturity across all the businesses within the group to ensure the ongoing protection of customer data, and to proactively manage and mitigate against information security risks.
Please note that Moorr acts as both a financial management application as well as a customer portal for users who wish to engage Empower Wealth Advisory services, as such some of the processes below regarding handling of customer data to facilitate advisory services will not be applicable to a Moorr user who has not decided to engage Empower Wealth.
Customer Data Management
From a data management and data handling perspective, management and security of personal data is our highest priority. As such customer data in Moorr along with all customer data handled and managed by our advisory services is encrypted at rest, transmitted via SSL (Secure Socket Layer) encryption and only processed on or accessed via company managed devices which are encrypted at rest and run endpoint protection. In addition to this, firewalls, network segregation and network access controls have been put in place to secure all the relevant infrastructure where customer data is hosted, stored or processed.
Access by staff to all systems holding customer data is governed by 2FA authentication and randomly generated secure passwords managed via password management software. Access controls are in place to manage and govern the information which staff have access to limit access to customer information relative to work tasks such as when providing financial advice or conducting a mortgage application.
As part of our ongoing security roadmap, access controls for customer data will be further enhanced over the next few months as we further restrict access to customer data to individual staff members working on a job task and move towards ‘Just in Time’ permission grants and access controls. These new controls will be accompanied by new data handling procedures and policies as we further strengthen our security management.
Secure Development, Hosting & Vulnerability Management
All code produced by our development team undergoes peer reviews and quality assurance to ensure the appropriate security, access and authentication controls have been implemented within the logic of our applications. All third-party libraries used within our application are regularly reviewed for vulnerabilities and upgraded as required. We periodically review our implementation against the OWASP security risks, whist factoring secure design practices from standards such as PCI-DSS.
Where possible we try to utilize serverless infrastructure to reduce the overhead of vulnerability management for the infrastructure hosting our systems. In the few cases where virtual machines or appliances are used these are appropriately patched and updated as required.
Compliance
We comply with all relevant data protection laws and regulations, including the Australian Privacy Principles (APPs). This compliance reflects our dedication to handling your personal information with the utmost care and responsibility.
Our Ongoing Commitment to Security
We understand and are committed to improving the security of our business, our customers and their data. As part of our security roadmap, we are committed to improving the security maturity within our business as we continue to grow. Within the current financial year, we are planning to appointment of a dedicated Security Operations Manager across the group of companies and commence the implementation of an ISMS (Information Security Management System) utilizing the ISO27001 framework as a guide. Our objective is to apply a coordinated program of Governance, Risk and Compliance with an internal audit function to focus on proactive risk management, monitoring and mitigation.
Once again, we’d like to emphasise that we, at Moorr, value our customer’s right to data privacy and we will continue to take all measures to protect and secure your account. Any changes that need to be done to your account will be only done with your consent and you can always opt-out from receiving any marketing notifications from us by letting us know through this link: https://www.moorr.com.au/support.
Last Updated July 2024