Security at Fielden

At Fielden, we take the security and confidentiality of our customers’ data seriously. Our security information page outlines how we protect your data, manage access, and comply with current industry‑recognised practices.

Our security commitment

Fielden is committed to maintaining a secure environment for our Enterprise Asset Management (EAM) products and related services. We design our systems with a focus on availability, integrity, and confidentiality of customer data.

We implement technical and organisational controls to protect against unauthorised access, disclosure, alteration, and destruction of information. Our approach is aligned with recognised security principles and is regularly reviewed and improved as threats and technologies evolve.

Infrastructure and hosting

Our products are hosted with our customers on secure public or private cloud infrastructure that provides industry‑standard security controls, including:

  • Encryption of data in transit using TLS.

  • Encryption of sensitive data at rest.

  • Regular patching and vulnerability management of underlying systems.

  • Network‑level protections such as firewalls, intrusion detection and prevention, and monitoring.

Access and identity management

Fielden enforces strict access controls for both customer‑facing systems and internal operations:

  • Role‑based access control (RBAC) ensures users can only access functionality and data required for their role.

  • Multi‑factor authentication (MFA) is encouraged (and may be required) for privileged accounts and internal‑only systems.

  • Password policies include complexity requirements and, where applicable, multi‑factor authentication for customer‑facing logins.

  • Session timeouts and secure‑cookie handling are applied to web interfaces.

Administrative access to production systems is tightly controlled, logged, and subject to periodic review.

Data protection and privacy

We treat customer data as confidential and implement safeguards to protect it:

  • Data is encrypted in transit and at rest using strong cryptographic standards.

  • We maintain strict segregation of customer data and do not use customer data for purposes other than those described in our terms and privacy policy.

  • Backups are performed regularly and stored securely, with appropriate retention and recovery procedures in place.

  • Disaster‑recovery and business‑continuity planning are in place to maintain service availability during incidents.

For more detail on how we handle personal information, including subject‑access rights and data retention, please refer to our Privacy Policy.

Secure software development

As a software‑centric business, we embed security into our development lifecycle:

  • Secure‑by‑design principles guide new features and architecture.

  • Code reviews and static‑analysis tools help detect common vulnerabilities early.

  • Regular security‑focused training is provided to engineering and operations teams.

  • Vulnerability disclosures and third‑party security findings are treated as priority items and addressed through defined processes.

We follow secure‑development best practices for inputs, authentication, session management, and error handling to reduce the risk of common web‑application vulnerabilities.

Compliance and audits

Fielden seeks to align with recognised security and compliance expectations in our target markets:

  • We maintain documented security and privacy policies covering areas such as access control, incident response, change management, and business continuity.

  • Where applicable, we participate in relevant compliance frameworks (SOC 2) and may provide attestations or reports to qualified customers upon request, subject to contractual agreements and NDAs.

  • Independent assessments and penetration testing are conducted periodically to validate our security posture.

Customers are encouraged to contact us directly for the most current information relevant to their engagement.

Incident response and disclosure

We have an incident‑response process designed to detect, contain, and remediate security events promptly:

  • Security events are monitored and escalated through defined channels.

  • In the event of a confirmed incident affecting customer data, we will notify affected customers as required by law and our contractual obligations.

  • Post‑incident reviews are conducted to identify root causes and improve defences.

We welcome coordination with security researchers and customers who identify or suspect a vulnerability. See the “Vulnerability reporting” section below.

Vulnerability reporting

If you believe you have discovered a security vulnerability in our platform or services, please communicate it to us responsibly:

  • Send details to security@fielden.com.au.

  • Include:

    • A description of the issue.

    • Steps to reproduce.

    • Any relevant logs or screenshots (with sensitive information redacted).

  • Do not attempt to exploit the vulnerability beyond what is necessary to demonstrate the issue.

  • Do not share the vulnerability publicly before we have had a reasonable opportunity to investigate and remediate.

We aim to acknowledge reports within a few business days and will work to resolve issues promptly. We do not offer monetary bug‑bounty rewards, but we respect responsible disclosure and will work with you in good faith.

Sub‑processors and third‑party services

We may use third‑party services (for example, cloud providers, identity providers, analytics, or support tools) that process customer data on our behalf. These sub‑processors are selected based on security and privacy criteria and are contractually required to provide appropriate protection.

We maintain a list of key sub‑processors and may update this list periodically. Customers may request current information on significant sub‑processors relevant to their environment.

How you can help protect your data

While we maintain strong platform‑level security, customers also play an important role in protecting their data:

  • Use strong, unique passwords and enable multi‑factor authentication where available.

  • Limit access to the platform to authorised users and roles only.

  • Regularly review user accounts and permissions.

  • Secure internal networks and endpoints used to access the platform.

  • Follow internal security policies and training for your own organisation.

Sharing these practices between Fielden and our customers helps create a layered defence against threats.

Contact us

For security‑related questions, incident reports, or requests for additional security documentation, please contact:

Security email: security@fielden.com.au

General contact: via the contact form on our website.

We are always open to feedback and collaboration to strengthen the security of our platform, products, and services.