Security & Compliance

Built for trust. Designed for security.

At The Spec Sheet, security and privacy are fundamental to how we operate.

Our platform connects media owners, agencies and creative teams to manage advertising production workflows. Organisations rely on us to handle campaign information accurately, securely and responsibly — and we treat that responsibility seriously.

Security is embedded across our technology, operations and governance practices.

ISO 27001 Certified

The Spec Sheet is certified to ISO/IEC 27001, the internationally recognised standard for Information Security Management Systems (ISMS). This certification confirms that we maintain structured processes to identify risks, protect information and continuously improve our security controls.

  • Independent external certification audits conducted annually

  • Formal information security governance and risk management framework

  • Security controls applied across systems, infrastructure and operations

Security framework alignment

Our security program is aligned with SOC 2 security principles, supporting controls relating to:

  • Access management

  • System monitoring

  • Operational security

  • Protection of customer information

Secure access & identity management

Access to The Spec Sheet platform is protected through modern authentication and access controls.

  • Single Sign-On (SSO) support

  • Multi-Factor Authentication (MFA)

  • Role-Based Access Controls (RBAC)

  • Secure identity providers including Okta and Auth0

  • Audit logging supporting monitoring and investigation

Users access only the information relevant to their role and organisation.

Cloud infrastructure & data protection

The Spec Sheet platform is hosted on Amazon Web Services (AWS) infrastructure located in Australia. Data protection measures include:

  • Encryption in transit using TLS protocols

  • Encryption at rest using industry-standard encryption methods

  • Continuous infrastructure monitoring

  • Regular system patching and updates

  • Automated backups and recovery procedures

These controls support platform resilience and operational continuity.

Privacy & data handling

Privacy protection is central to our platform design and aligns with our published Privacy Policy.

  • Compliance with the Australian Privacy Act 1988 (Cth) and the New Zealand Privacy Act 2020

  • Personal information is never sold to third parties

  • Data is stored securely within Australia

  • Only limited business contact information is collected to operate and support the platform

We use Intercom to provide onboarding assistance and customer support communications.

Artificial intelligence

The Spec Sheet does not currently use artificial intelligence or automated decision-making systems to process personal information within the platform.

Trusted technology partners

We work with carefully selected technology providers to support delivery of our services, including:

  • Amazon Web Services (AWS) — cloud infrastructure

  • Okta and Auth0 — identity and authentication

  • Intercom — customer communications

Partners are selected based on security maturity and operate under contractual confidentiality and security obligations.

Incident response & operational resilience

Security preparedness forms part of our operational governance. We maintain defined procedures for:

  • Incident detection and response

  • Investigation and remediation

  • Notification where required under applicable privacy laws

Backup and recovery processes support platform availability and business continuity.

Your data, your control

Organisations using The Spec Sheet retain control over the information entered into the platform. We process customer data solely for the purpose of delivering and supporting the service.

Questions?

We’re happy to provide additional security or compliance information.

Email: support@thespecsheet.com

Address: 1 Butt St, Surry Hills NSW 2010, Australia