Security Statement
Intelligent Energy Systems Pty Ltd (IES) is committed to protecting the confidentiality, integrity and availability of the systems, data and services we manage for our customers.
IES maintains an internal Information Security Policy that sets out our approach to protecting company, customer and operational information. This policy covers key areas including identity and access management, asset management, information classification and handling, cryptographic controls, incident response, secure deletion and disposal, physical and environmental security, security assessments, supplier management, system acquisition and development, security awareness training, remote access, and notifiable data breach response.
IES applies security controls based on risk, business need and applicable customer requirements. Access to systems and data is managed using the principles of least privilege, role-based access and individual accountability. Sensitive information is protected through appropriate access controls, encryption, monitoring and secure storage practices.
IES maintains processes for vulnerability management, patch management, system hardening, endpoint protection, security monitoring, incident reporting and response. Security incidents and suspected weaknesses are required to be reported promptly, assessed, recorded and managed through defined internal escalation processes.
IES also requires employees to complete security awareness training and acknowledge relevant policies and procedures. This helps ensure staff understand their responsibilities for protecting information, recognising cyber threats, reporting incidents, using systems appropriately and handling customer information securely.
IES security obligations also extend to advisory and consulting engagements. Customer information accessed during consulting, audit, implementation or support activities is handled confidentially, used only for authorised business purposes, and protected in accordance with applicable information handling and customer data protection requirements.
Essential Eight
IES has undergone an independent Essential Eight assessment conducted in 2025 by an external cyber security consultant. As part of this assessment, IES was assessed as meeting Essential Eight Maturity Level 1 across all eight mitigation strategies:
Essential Eight strategy | IES position |
Application control | Assessed as meeting Maturity Level 1. IES has implemented controls to reduce the risk of unauthorised or unwanted software execution. |
Patch applications | Assessed as meeting Maturity Level 1. IES maintains processes to identify, prioritise and apply application patches based on risk and operational requirements. |
Configure Microsoft Office macro settings | Assessed as meeting Maturity Level 1. IES has implemented controls to reduce the risk posed by Microsoft Office macros, including restrictions on macros from untrusted sources. |
User application hardening | Assessed as meeting Maturity Level 1. IES applies hardening controls to commonly used applications and reduces unnecessary or insecure functionality where appropriate. |
Restrict administrative privileges | Assessed as meeting Maturity Level 1. IES restricts administrative privileges using least privilege principles, controlled privileged access practices and monitoring of administrative activity. |
Patch operating systems | Assessed as meeting Maturity Level 1. IES maintains operating system patching processes for workstations, servers and relevant infrastructure, with patching prioritised according to risk. |
Multi-factor authentication | Assessed as meeting Maturity Level 1. IES uses multi-factor authentication across its systems and for privileged access. |
Regular backups | Assessed as meeting Maturity Level 1. IES maintains backup and recovery practices designed to support business continuity and restoration of important systems and data. |
IES reviews and improves its security controls over time as its operating environment, customer requirements and cyber security risks evolve. Customers or prospective customers with specific security queries are welcome to contact us directly.