Broadband Service Security Policy
Effective Date: 1/10/2024
Last Reviewed: 1/7/2024
Owner: BTIT Consulting Ltd.
Purpose
This policy outlines the security measures applied to BTIT’s broadband services to protect customer data, ensure service availability, and comply with New Zealand laws and regulations, including the Privacy Act 2020, Telecommunications Information Privacy Code 2020, and Telecommunications Act 2001.
Scope
This policy applies to all BTIT broadband customers, including residential and business users, and covers the transmission, handling, and storage of data, network security, and operational management of our broadband services.
Key Security Principles
1. Data Privacy and Protection
- We collect, process, and store only the data necessary to provide broadband services.
- All personal data is managed in compliance with the Privacy Act 2020 and the Telecommunications Information Privacy Code 2020.
- Customers have the right to access and correct their personal information.
- Customer data will not be shared with third parties without consent, unless required by law (e.g., law enforcement requests).
2. Network Security
- Encryption: All customer data transmitted over our network is encrypted to protect against eavesdropping and interception.
- Firewalls and Intrusion Detection: We use advanced firewalls and intrusion detection systems to monitor and protect our network from malicious activity.
- Geo-blocking: International access to sensitive management interfaces is restricted to New Zealand and Australia, in accordance with customer preferences.
3. User Authentication and Access Control
- For any online service provided, the user accounts are protected with strong, unique passwords.
- Customers can manage their access to online services through secure customer portals with multi-factor authentication (MFA) options.
- We continuously monitor access logs for suspicious activity and notify customers of any unauthorised access attempts.
4. Service Availability and Continuity
- We maintain robust infrastructure with redundant systems to ensure service availability.
- Business customers can opt for Diamond HTC (100/100) class for enhanced service priority and reliability.
- We follow best practices for disaster recovery, including regular backups and incident response planning.
5. Customer Responsibility
- Customers are responsible for securing their home or office networks, including using strong Wi-Fi passwords and regularly updating firmware on personal devices.
- Business customers must ensure appropriate internal controls to manage employee access to business-critical resources.
6. Monitoring and Incident Response
- Our network is continuously monitored for threats and performance issues.
- Any detected security incident will trigger our Incident Response Plan, and affected customers will be notified promptly.
- Where applicable, we work closely with New Zealand's Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NCSC) to address and mitigate security threats.
7. Compliance with Legal Obligations
- We comply with lawful interception requests under the Telecommunications Act 2001, ensuring access is granted only to authorised law enforcement agencies.
- Any breaches involving personal data will be reported to the Office of the Privacy Commissioner as required by the Privacy Act 2020.
8. Vulnerabilities and Patching
- Regular software and firmware updates are applied across our infrastructure to mitigate vulnerabilities.
- Critical patches are applied as soon as practicable to minimise exposure to risks.
Breach Notification
- In the event of a data breach affecting personal data, we will notify the impacted customers and report the incident to the Office of the Privacy Commissioner within the legally required timeframe.
Review and Updates
This policy will be reviewed annually or whenever significant changes occur to our broadband services or New Zealand legislation.
Contact
For questions or concerns about this policy, please contact:
BTIT Ltd. Support Team
support@btit.nz
+64 (0) 4 282 0918