Seller: Superspeed.ai Pty Ltd
IP Owner & Licensor: Strategic Global Holdings Pty Ltd (ACN 693 256 503)
Effective Date: 1 January 2025
Version: 4.95 Ultra-Final
Document Owner: CTO, Superspeed.ai Pty Ltd
Review Cycle: Annual or upon security, regulatory, or infrastructure changes
1. Definitions
Defined terms used in this document include: Information Security, PII, Access Control, Encryption, Incident Response, Vulnerability, Security Event, Threat Actor, High-Risk Data, and DRM.
2. Purpose & Scope
This Security Overview outlines the technical and organisational measures used to protect customer data, transactional systems, digital book assets, infrastructure, and related services across the e-commerce platform.
3. Security Governance Framework
Security governance aligns with internationally recognised standards, including:
- ISO/IEC 27001 (Information Security Management Systems)
- ISO/IEC 27002 (Security Controls)
- OWASP Application Security Principles
- NIST Cybersecurity Framework (Identify–Protect–Detect–Respond–Recover)
4. Infrastructure Security
Our systems operate on secure cloud infrastructure using:
- Network segmentation and isolation
- Tiered firewalls and WAF protection
- TLS 1.2+ encryption for all in-transit data
- Encrypted storage for all customer and transaction data
- Multi-region redundancy for critical workloads
5. Access Control & Authentication
Internal access is restricted using:
- Role-Based Access Control (RBAC)
- Multi-Factor Authentication (MFA)
- Least privilege principles
- Logged administrative actions
- Periodic access reviews
6. Application & Data Security
Measures include:
- Input validation and sanitisation
- Secure session management
- Regular dependency patching
- Anti-tampering controls for digital download delivery
- DRM and watermarking applied to digital content
7. Vulnerability Management
We maintain a structured program including:
- Automated vulnerability scanning
- External penetration testing
- Patch deployment cycles
- Security risk assessments and remediation
8. Logging, Monitoring & Detection
Security monitoring covers infrastructure, application, and authentication events. Logs are retained to support incident analysis and compliance requirements.
9. Incident Response
Incident response follows:
- Triage and containment
- Root-cause analysis
- Customer and regulator notification where required (APP, GDPR, PDPA, PIPL)
- Post-incident review and improvement tracking
10. Business Continuity & Disaster Recovery Alignment
Security posture integrates with Business Continuity & Resilience measures, including:
- Backup integrity verification
- Recovery procedures for digital content and storefront systems
- Redundant infrastructure
11. Supplier & Third-Party Security
All third-party providers (payment gateways, hosting providers, analytics vendors) must meet security requirements consistent with ISO 27001-equivalent controls.
12. Customer Responsibilities
Customers must:
- Protect their login credentials
- Use secure devices and networks
- Report suspicious account activity
13. Cross-Document Integration
This Security Overview aligns with: Business Continuity Statement, Privacy Policy, GDPR/UK Addendum, AI Governance Statements, Responsible Disclosure Policy, and E-Commerce Terms.