We adhere to:

• Standard: We follow established industry benchmarks to ensure consistency, security, and reliability in all data handling and communication workflows.
• Regulations & Laws: Our services comply with Australian privacy laws, APRA standards, and other regulatory frameworks to safeguard sensitive customer information.
• Policies & Governance: We maintain internal protocols that align with external compliance requirements, ensuring transparency, accountability, and operational integrity.
• Law: Laws are statutory requirements enacted by governmental bodies. Compliance with laws is non-negotiable and forms the foundation of our operational integrity. By adhering to all relevant laws, we ensure that our business practices are lawful and that we uphold the rule of law in all our dealings.
• Requirements & Rules: Whether it’s consent-driven marketing or transactional messaging, our solutions are designed to meet mandatory compliance requirements with precision.
• Transparency: We provide complete visibility into how customer data is processed and used across all communication channels.
• Sector-Specific Compliance: From APRA-regulated financial services to not-for-profits and government bodies, our CCM practices are tailored to match each sector’s compliance obligations.
• Australian Consumer Law (ACL): We ensure our statements, service offerings, and communications are always clear, truthful, and non-misleading.

Essential Eight Security Controls

To further strengthen our compliance and risk management framework, Hexcen implements the Australian Cyber Security Centre’s Essential Eight as a foundation for our information security practices. These controls form the cornerstone of our technical and operational risk management, particularly for our wealth management and superannuation clients.

Our Essential Eight controls include:

• Application Control: Only trusted software and applications are permitted to run on our systems.
• Patch Applications: Security updates are promptly applied to all applications to reduce vulnerabilities.
• Configure Microsoft Office Macro Settings: Macro functionality is restricted to minimise the risk of malicious code.
• User Application Hardening: Default settings are hardened to protect against exploits in web browsers and common software.
• Restrict Administrative Privileges: System admin access is tightly controlled and regularly reviewed.
• Patch Operating Systems: Operating systems are kept up to date with the latest security patches.
• Multi-Factor Authentication (MFA): All systems require MFA for user access, adding a vital layer of protection.
• Regular Backups: Data is securely and regularly backed up, ensuring resilience and business continuity.

Continuous Improvement & Client Assurance

We routinely assess our cyber security maturity and work towards advancing our Essential Eight controls to meet evolving threats and client expectations.
Our commitment to the Essential Eight gives clients confidence that Hexcen’s IT services and data handling practices are robust, transparent, and aligned with Australian Government and APRA expectations.