
Frequently Asked Questions: Online Accreditation System Implementation - Security and Privacy


Q1: What is an online accreditation system?

A: An online accreditation system is a digital platform that allows Exercise and Sports Science Australia (ESSA) to manage our course accreditation more effectively by collating application evidence and streamlining the accreditation workflow, making the process more efficient and accessible. ESSA has engaged OpenWater to facilitate the development of our online system.

 

Q2: Why is security important in an online accreditation system?

A: Security is crucial in an online accreditation system to protect sensitive data and ensure the integrity of the accreditation process. It safeguards private personal information, prevents unauthorised access, and maintains the confidentiality of accreditation records.

 

Q3: How can our online accreditation system ensure data privacy?

A: An online accreditation system can ensure data privacy by implementing robust encryption protocols to secure data transmission and storage. It should adhere to privacy regulations and best practices, such as obtaining user consent, anonymising personal information when possible, and implementing strict access controls.

ESSA is also committed to managing personal information in accordance with the Australian Privacy Principles set out in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 that amended the Privacy Act 1988. Click here to view the ESSA Privacy Policy.

 

Q4: What security measures have been implemented in the online accreditation system?

A: Some essential security measures incorporated in the online accreditation system include:

  • Regular security assessments and audits
  • Secure password policies and storage mechanisms through encrypted servers
  • Role-based access control to limit system access based on user roles and permissions
  • Intrusion detection and prevention systems through state-of-the-art firewalls
  • Regular software updates and patches to address security vulnerabilities
  • Routine backups of account data and server scans for malware
  • Data servers managed locally

 

Q5: What steps have been taken to protect against data breaches?

A: To protect against data breaches, the online accreditation system includes the following measures:

  • Regular security assessments and penetration testing
  • Secure coding practices and code reviews
  • Encryption of sensitive data, both at rest and in transit
  • Regular backups and data recovery mechanisms
  • Incident response plans to address and mitigate potential breaches
  • Employee training on data security best practices

 

Q6: How does the online accreditation system handle user consent and data sharing?

A: ESSA collects and holds personal information for organisational requirements. The system provides the ability for members to access and amend their personal information via the members portal. 

OpenWater also does not view, use, distribute, disclose, or sell information stored or collected on an organisation’s behalf. This includes proprietary data, user information or applicant information.

 

Q7: Is the system compliant with security and privacy regulations?

A: Yes, our online accreditation system is designed to comply with relevant security and privacy regulations, such as the System Organisational Control (SOC) 2, which monitors OpenWater’s security, privacy, and risk posture and reviews its staff training/recruitment processes, security compliance and access to data centres.

The OpenWater system is compliant with Payment Card Industry Data Security Standard (PCI DSS) requirements and engages an independent security firm to conduct monthly scans and penetration tests on the OpenWater platform.

 

Q8: How can users report security or privacy concerns within the system?

A: Applicants and members are encouraged to report any security or privacy issues associated with the online accreditation system.

 

To report an issue, please contact ESSA support via email at onlineaccreditation@essa.org.au