Version: 1.0
Effective Date: 8 June 2026
Approved By: Digital Nomad Forum Association Inc.
1. Purpose
The purpose of this Information Security Policy is to protect the confidentiality, integrity, and availability of information managed by the Digital Nomad Council (DNC).
This policy establishes the principles, responsibilities, and security requirements necessary to safeguard DNC information assets, digital platforms, systems, services, members, partners, students, volunteers, and stakeholders.
2. Scope
This policy applies to:
- Directors and committee members
- Executive members
- Employees and contractors
- Volunteers and advisors
- Mentors and trainers
- Students and community members
- Third-party service providers
- All DNC digital systems and platforms
DNC digital systems and platforms include, but are not limited to:
- DNC websites
- Community platforms
- Learning management systems
- Customer relationship management systems
- Cloud infrastructure
- Email systems
- Databases
- Mobile applications
- Social media management platforms
3. Security Objectives
DNC is committed to ensuring:
Confidentiality
Information is accessible only to authorised individuals.
Integrity
Information remains accurate, complete, and protected against unauthorised modification.
Availability
Information and systems remain accessible when required for legitimate business purposes.
Accountability
Users are responsible for activities performed using their accounts and credentials.
4. Roles and Responsibilities
Board and Executive Committee
Responsible for:
- Governance oversight
- Security strategy approval
- Risk management oversight
- Compliance monitoring
System Administrators
Responsible for:
- System maintenance
- Security monitoring
- Access management
- Backup management
- Incident response
Users
Responsible for:
- Protecting passwords
- Following security procedures
- Reporting security incidents
- Using systems responsibly
5. Access Control
Access to DNC systems shall be based on the principle of least privilege.
Users shall only receive access necessary for their role.
DNC may implement:
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Single sign-on (SSO)
- Password policies
- Account lockout mechanisms
Accounts may be suspended or removed when no longer required.
6. Password Requirements
Users must:
- Create strong passwords
- Maintain password confidentiality
- Avoid password sharing
- Use unique passwords where possible
DNC may require:
- Minimum password length
- Periodic password updates
- Multi-factor authentication
7. Acceptable Use
Users must not:
- Access information without authorisation
- Share confidential information improperly
- Distribute malware or malicious software
- Attempt to bypass security controls
- Use DNC systems for unlawful purposes
- Engage in activities that compromise system security
DNC reserves the right to monitor systems where permitted by law.
8. Data Protection
DNC shall implement reasonable measures to protect:
- Member information
- Student records
- Applicant data
- Financial information
- Training materials
- Research data
- Business information
- Intellectual property
Security measures may include:
- Encryption
- Access restrictions
- Secure backups
- Audit logging
- Secure transmission protocols
9. Cloud Security
Cloud services used by DNC shall:
- Be approved by authorised personnel
- Use secure authentication methods
- Implement encryption where appropriate
- Maintain appropriate access controls
Examples may include:
- AWS
- Google Workspace
- Microsoft 365
- Salesforce
- Learning management platforms
10. Endpoint Security
Devices accessing DNC systems should:
- Use updated operating systems
- Maintain current security patches
- Use anti-malware protection where appropriate
- Be protected against unauthorised access
Lost or stolen devices must be reported immediately.
11. Backup and Recovery
DNC shall maintain appropriate backup procedures.
Backups should:
- Be performed regularly
- Be tested periodically
- Be stored securely
- Support business continuity requirements
12. Security Monitoring
DNC may implement:
- Log monitoring
- Network monitoring
- Intrusion detection
- Performance monitoring
- Security alerting systems
Monitoring activities are conducted to protect DNC assets and users.
13. Incident Management
All security incidents must be reported promptly.
Examples include:
- Data breaches
- Unauthorised access
- Malware infections
- Credential compromise
- System outages
- Loss of confidential information
DNC shall investigate incidents and take appropriate corrective actions.
14. Third-Party Security
Third-party suppliers and service providers with access to DNC information may be required to:
- Maintain appropriate security controls
- Protect confidential information
- Comply with contractual obligations
- Notify DNC of security incidents affecting DNC data
15. Privacy Compliance
DNC will manage personal information in accordance with:
- Australian Privacy Act 1988 (Cth)
- Australian Privacy Principles (APPs)
- Applicable international privacy laws where relevant
Users should refer to the DNC Privacy Policy for further information.
16. Policy Violations
Violations of this policy may result in:
- Suspension of access privileges
- Disciplinary action
- Termination of memberships or appointments
- Legal action where appropriate
17. Review and Maintenance
This policy shall be reviewed:
- Annually; or
- Following significant security incidents; or
- Following major regulatory or operational changes
18. Contact Information
Questions regarding this policy should be directed to:
Digital Nomad Council (DNC)
Email: security@dncouncil.org
Website: https://dncouncil.org
Document Control
| Version | Date | Description |
|---|---|---|
| 1.0 | 8 June 2026 | Initial Release |

