Compliance
ThreatDefence is committed to maintaining the highest standards of security, privacy, and compliance. Our compliance scope covers people, processes and technology — including our ThreatDefence platform, supporting infrastructure, and 24x7 SOC operations.
Global Standards and Certifications
ThreatDefence is certified and compliant with the following internationally recognised standards:
ISO/IEC 27001 – Information Security Management System (ISMS) certification.
SOC 2 – Assurance of secure systems, availability, confidentiality, and integrity.
PCI DSS – Compliance for environments processing or transmitting payment data.
GDPR (General Data Protection Regulation) – Alignment with EU and UK privacy regulations for processing and safeguarding personal data.
HIPAA (Health Insurance Portability and Accountability Act) – Support for customers in the healthcare sector requiring healthcare data privacy and security controls.
Australian Standards and Frameworks
For our Australian customers and deployments, ThreatDefence maintains strict alignment with local frameworks and regulations. Our compliance scope extends across people, processes, and technology — including the ThreatDefence 24/7 SOC and platform located in Australia:
ASD ISM (Information Security Manual) – Alignment with controls mandated by the Australian Cyber Security Centre (ACSC).
Essential Eight – Baseline mitigation strategies for cyber security, continuously measured and reported.
PSPF (Protective Security Policy Framework) – Support for compliance with Australian Government security obligations.
Audit and Assurance Support
ThreatDefence actively supports customers during internal and external audits by:
Providing evidence and artefacts for ISO, IRAP, DISP, PCI DSS, SOC 2, HIPAA, and GDPR assessments.
Coordinating with security officers to validate compliance requirements.
Copies of certifications and supporting evidence can be provided to customers upon request, subject to NDA or contractual obligations.
Customer Responsibilities
While ThreatDefence provides compliance-ready services, customers are responsible for:
Keeping escalation contact lists up to date.
Ensuring log sources and telemetry are enabled and accessible.
Maintaining customer-side controls such as patching, access management, and backups.
Participating in governance and compliance reviews to validate ongoing readiness.