2Gen Information Security and Privacy Policy Statement

Statement of Intent

2Gen prides itself as being a leader in the IT services industry. As part of this, we recognise that we have a responsibility to protect all of the data we hold or process, whether it belongs to 2Gen, our employees, partners, customers, or suppliers. By protecting this data we can ensure that we maintain our reputation as a trusted employer and partner, enabling us to grow as a business and deliver exceptional service to our customers.

Cyber Security is our number one priority.

To demonstrate our commitment to information security 2Gen implement industry best practice security controls and assure the effectiveness of our controls following NIST best practices, partnering with Australian Cyber Security Centre and participating in their MSP3 program to continually improve our and our client’s cyber security postures.

It is the responsibility of all our staff, regardless of grade, to become familiar with our security management processes and to comply with all information security and privacy policies and the procedures that underpin them.

In turn, we commit to ensure that our security management systems and processes are efficient, effective and continuously improving to protect our data assets while avoiding the reputational, legal and financial harm that would result from a data breach.

Management and all staff fully support the information security management system and require all our staff, whether permanent or temporary, partner organisations, suppliers and contractors to do the same.

Richard Fitzgerald
Director – 2Gen Pty Ltd

Purpose and Scope

The purpose of the Information Security and Privacy Policy Statement is to demonstrate 2Gen’s commitment to protect 2Gens’, our employees and our customer’s information from security threats, whether internal or external, deliberate or accidental.

The Information Security and Privacy Policy Statement applies to all those who have access to 2Gen information, regardless of geographical location or the types of data that they have access to; this includes employees both permanent and temporary, contractors, suppliers and agents working on behalf of 2Gen.

Further Information Security and Privacy policies, standards and procedures shall be in place to ensure the principles within this document are met.


All members of 2GEN are responsible for the delivery of information security;

  • The Director ensures adequate and appropriate resources are in place to fulfil this policy statement.
  • Directors and senior leaders within 2Gen are responsible for supporting and ensuring adherence to policies and standards within their functional areas.
  • Managers and team leads are responsible for day to day management and implementation of security policies within their business areas and for ensuring compliance by their staff.
  • All employees, suppliers and our partners are responsible for understanding and adhering to the principles of this policy and the details defined in 2Gen polices and standards.

Information Security Principles

2Gen is committed to a number of security principles that apply to all areas and employees of 2Gen regardless of role or geographical location:

  • Protect 2Gen systems, buildings and information against unauthorised access.
  • Protect the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with legislation, regulation, contractual requirements, and industry best practice.
  • Ensure policy requirements are communicated and understood by providing training and awareness to all employees
  • Apply 2Gen security standards to its supply chain and delivery partners
  • Ensure all actual or suspected breaches of information security are reported, assessed and investigated where necessary.
  • Ensure security risks are identified and managed through the appropriate channel
  • Assessing and measuring the maturity of information security controls and delivering on continuous improvement measures

Information Privacy Principles

2Gen is also committed to protecting personally identifiable Information and ensuring compliance with the European General Data Protection Regulation;

  • Collect only the personal information it needs and explaining why it needs it.
  • Sharing personal information within 2Gen or with other approved organisations only where there is a lawful reason for doing so and where the person concerned has given their consent.
  • Allowing people to request access to the personal information 2Gen holds on them, the right to have this information corrected if necessary and right to object if they believe their information has been mishandled.
  • Keeping personal information only as long as is necessary.
  • Taking appropriate measures to protect the rights and freedoms of individuals whose personal information may be transferred to countries with differing data protection laws.
  • Ensuring that actual or suspected breaches of these principles are reported and investigated appropriately.
  • Applying these standards to 2Gen’s supply chain and delivery partners.
  • Reviewing this policy annually to reflect new legal and regulatory developments and ensure we meet best practice.

Maintaining the Confidentiality, Availability and Integrity of both our own and our customers information is a requirement on all of us, from the most junior employee to our Directors.

We will treat the information entrusted to us by our customers respectfully and professionally taking account of Confidentiality, Integrity and Availability of the information as if it were our own. We will ensure that any information we process is done so legally and for legitimate business reasons.