Terms and Conditions
Employment Screening Australia
- Defined Terms & Interpretation
In these terms and conditions, unless the contrary intention appears
ACIC – means Australian Criminal Intelligence Commission the, Accrediting Body and principal provider of Police History Information.
Agency Check – includes Police Checks, VEVO Checks, Bankruptcy Checks and any other check, verification, document or data file containing Agency Information that ESA provides to the LEC in conducting the Services.
Agency Information – includes the information about an individual received by ESA from a Government Agency or other authorised third party in conducting the Services, including, without limitation, Police History Information, Visa Entitlement and/or insolvency information.
Applicant means a person in relation to whom the Legal Entity LEC seeks a nationally coordinated criminal history check.
Australian Privacy Principle Entity (or APP Entity) has the same meaning given to the term ‘APP entity’ in the Privacy Act 1988 (Cth).
Bankruptcy Check – means the document or data file that ESA provides to LEC(s) containing personal insolvency information received from the Australian Financial Security Authority (AFSA) about an individual.
Business Day – means a day in Queensland, Australia, that is not a Saturday, a Sunday or a gazetted public holiday in that State.
Business Hours – means the period between 9.00am and 5.00pm on a Business Day.
Claim – means a claim, demand or proceeding arising out of a cause of action, including breach of contract, tort (including negligence) and any other common law, equitable or statutory cause of action.
Commencement Date – means the date that the Individual Applicant or Legal Entity LEC accepts these Terms and Conditions
Commonwealth – means the Commonwealth of Australia and includes the ACIC.
Commonwealth Confidential Information – means information that;
(a) is Police Information;
(b) is provided by, or originates from, the Commonwealth and is by its nature confidential, including the name or contact details of any staff member or security information relating to the provision of the Service; or
(c) the ACIC and the Accredited Body have agreed in writing is confidential (whether through the ACIC Agreement or otherwise).
Confidential Information of a Disclosing Party means;
(a) the following information, regardless of its form and whether the Receiving Party becomes aware of it before or after the date of these terms and conditions;
information that is by its nature confidential;
(b) information the Receiving Party knows, or ought to know, is confidential;
all notes and other records prepared by the Receiving Party based on or incorporating information referred to in paragraph (5a);
(c) all copies of the information, notes and other records referred to in paragraphs (1) and (2), but excludes information that the Receiving Party creates (whether alone or jointly with any third person) independently of the Disclosing Party; or is public knowledge (otherwise than as a result of a breach of confidentiality by the Receiving Party or any of its permitted disclosers).
Customer Request – means the completed application form, request to provide Services, or similar application or request completed or submitted by the Individual Applicant or Legal Entity LEC to ESA requesting an Agency Check.
Damages – means all liabilities, losses, damages, costs and expenses (including all legal costs determined on a solicitor and own client basis) whether incurred or awarded against a party, disbursements, costs of investigation, litigation, settlement and judgment, and interest, fines and penalties, regardless of the Claim under which they arise.
DIBP – means the Australian Government Department of Immigration and Border Protection.
Disclosing Party – means a party who discloses or makes available Confidential Information to a Receiving Party.
ESA Pre-Existing IPR – means any Intellectual Property Rights owned and created by ESA prior to the Commencement Date (together with any improvements, modifications and enhancements made to those rights during the term of terms and conditions).
ESA Systems – means all hardware, software, materials and resources used by (or on behalf of) ESA to provide the Services (and includes the Web Tools).
External Factors has the meaning given in clause 2.3(b).
Fees – means the fees to be paid by the individual Applicant or LEC to ESA at or about the time that the Individual Applicant or LEC submits a Request for Services.
Force Majeure means act of God, lightning, storm, flood, fire, earthquake, explosion cyclone, tidal wave, landslide or adverse weather conditions; act of public enemy, war (declared or undeclared), act of terrorism, sabotage, blockade, revolution, riot, insurrection, civil commotion or epidemic; the effect of any applicable laws, orders, rules or regulations of any government or other competent authority; embargo, power or water shortage or lack of transportation; any External Factors; or any other event beyond the reasonable control of a party.
Governmental Agency – means any governmental, semi-governmental or judicial entity or authority, in Australia or overseas, and including without limitation ACIC and DIBP.
Harmful Code – means any virus, worm, trojan horse, trapdoor, software switch, time bomb, slicing routine, corruptive code, logic bomb, disabling code, disabling routine or expiration dates as these words are generally understood within the technology industry and any equivalent or similar corruptive mechanism.
Individual Applicant – is a person who applies for their own personal information via the Agency.
Informed Consent – means a consent form (in physical or electronic format)
(a) is completed by the Applicant and includes the Applicant’s signature (in physical or electronic format) and date of signature; and
(b) if the Applicant is under 18 years of age — is completed, dated and signed by a parent or legal guardian of the Applicant and includes the signature (in physical or electronic format) of the parent or legal guardian and date of
(c) sets out at a minimum;
- the Applicant’s surname and given name(s);
- an acknowledgement that the Applicant consents to a nationally coordinated criminal history check being;
- undertaken on all names under which the Applicant was, is or has been known, as provided by the Applicant
- the purpose of the nationally coordinated criminal history check;
- the purpose(s) for which the Applicant’s Personal Information is being collected and the purpose(s) for which the nationally coordinated criminal history check is being undertaken;
- any person to whom, or organisation to which, Personal Information (including Police Information) may be disclosed and in what circumstances (including the Accredited Body, the ACIC, Australian police agencies and third parties);
- where consent is required for a Permitted Offshore Transfer, the details of to whom and in which country or countries the Applicant’s Personal Information will be disclosed;
- any Law which requires that the Applicant’s Personal Information be collected and the consequences of noncompliance;
- an acknowledgement that the Applicant understands that their Personal Information may be used for general law enforcement purposes, including those purposes set out in the Australian Crime Commission Act 2002 (Cth);
- information that the Applicant is required to contact the Legal Entity Customer (LEC) or Accredited Agency in the first instance in relation to any dispute about the result of the nationally coordinated criminal history check in relation to the Applicant;
- information about the nationally coordinated criminal history dispute process including the contact details of LEC or Accredited Agency complaints and privacy officer;
- if a Law requires Police Information about the Applicant to be disclosed to another person or organisation information that the Police Information will be disclosed to that person or organisation and the basis for the disclosure; and
- the LEC’s full name and contact details.
Intellectual Property Rights – means the current and future registered and unregistered rights comprised in;
- any patents, patentable invention, discoveries, copyright, rights in circuit layouts, designs, registered designs, trade and service marks, trade names and any right to have confidential information kept confidential;
- computer program material (including computer software computer object code, computer source code, user manuals, tables, charts, flow charts, programming manuals, algorithms, formulas, diagrams, plans, drawing techniques, data, data structures, logical ideas, concepts and processes);
- any application or right to apply for registration of any of the rights referred to in paragraph (a); and all rights of a similar nature to any of the rights in paragraphs (a) and (b) which may subsist anywhere in the world (including Australia).
International Check – means the document or data file that ESA provides to LEC(s) containing Agency Information received by ESA from a Government Agency or other authorised third party located in a jurisdiction outside of Australia.
Laws – means all laws, rules and regulation in any jurisdiction, including (without limitation);
- the common law and equity;
- any statute, regulation, by-law, ordinance or subordinate legislation (including the Privacy Laws);
- any licence, permit, authorisation, accreditation, code of practice, code of conduct, order, direction or other requirement which is enforceable against the LEC or ESA (as the case may be) or which is issued under an instrument referred to in paragraph (b), and includes any amendment, change, update or replacement to any of them that may be implemented or take effect during the term of this terms and conditions;
- and with respect to any International Check, anything specified in sub-paragraphs (a), (b) or (c) of this definition applicable in the relevant overseas jurisdiction.
LEC Data – means data and information relating to the LEC and its operations, facilities, personnel, assets, products, sales and transactions.
Legal Entity Customer (LEC) – means a registered business which has;
- Entered into an approved services agreement with ESA; and
- receives police history information from ESA.
Nationally Coordinated Criminal History Check – means a criminal history check conducted, in relation to an Individual Applicant, by the ACIC as part of the ACIC Service and carried out in accordance with the ACIC Agreement between the ACIC and the Accredited Body in relation to the ACIC Service, and the Police Information about an Applicant provided by the Accredited Body to the Legal Entity LEC in a physical or electronic format as a result of the submission of the nationally coordinated criminal history check Application.
Nationally coordinated criminal history check Application (Application) – means a form (in physical or electronic format) completed by the Applicant, or on behalf of the Applicant, submitted to the Accredited Body requesting the ACIC to conduct a nationally coordinated criminal history check in relation to an Applicant.
Nationally coordinated criminal history check category – means one or more categories listed in Item 5 of Schedule 1 to this Contract, being the categories and purpose for which the Legal Entity LEC is permitted to collect, use or disclose Personal Information and Police Information under clause 6.1.3(a) of this Contract.
National Policing Information – has the meaning given in the Australian Crime Commission Act 2002
Permitted Offshore Transfer – means the permitted transfer of Personal Information or Police Information to a location outside Australia, where
the transfer is:
(a) necessary to provide an Applicant with access to the result of a nationally coordinated criminal history check in relation to the Applicant, where;
(i) the Applicant is located outside Australia; and
(ii) the Applicant has consented to the transfer or supply of Personal Information or Police Information to a location outside Australia; and/or
(b) for the purpose of routing Personal Information or Police Information through servers located outside Australia, where:
(i) the end recipient of that Personal Information or Police Information is located within Australia; and
(ii) the Personal Information or Police Information is retained or stored only on databases, servers or systems located within Australia; and/or
(c) for the purposes of retaining or storing Personal Information or Police Information on databases, services or systems located outside Australia where;
(i) the Applicant has consented to the retention or storage; and
(ii) the ACIC has approved, in writing, the Accredited Body’s ICT environment for the retention or storage of Personal Information or Police Information on databases, services or systems located outside Australia; and/or
(d) for any other purpose for which the Applicant has consented to the transfer or supply of Personal Information or Police Information to a location outside Australia;
Personal Information has the meaning given in the Privacy Act 1988 (Cth).
Personnel – means;
(a) in relation to the Legal Entity LEC, the Legal Entity LEC’s each employee, each Subcontractor and any officer, contractor, partner, volunteer, agent, director, board member of the Legal Entity LEC or a Subcontractor;
(b) in relation to the Accredited Body, the Accredited Body’s authorised officer, each Subcontractor and any officer, employee, contractor, partner, volunteer, agent, director, board member of the Accredited Body or a Subcontractor; and
(c) in relation to the Commonwealth, officers, employees, volunteers, agents or contractors of the ACIC or any entity that is contracted by the ACIC other than the persons and entities referred to in paragraph (a) of this definition.
Police Check means the document or data file that ESA provides to LEC containing the relevant Police History Information.
Police History Information – means the police history information received from ACIC about an individual.
Privacy Act – means the Privacy Act 1988 (Cth).
Privacy Laws – means;
- the Privacy Act, the Health Records Act 2001 (Vic), the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth);
- all codes, guidelines, service standards and procedures issued by a Governmental Authority; and all other laws, rules and regulation in any relevant jurisdiction (including Australia), to the extent they relate to the privacy, protection, use or disclosure of Personal Information or data.
Receiving Party – means a party to these terms and conditions who obtains Confidential Information of the other party to these terms and conditions.
Safeguards – means practices that a professional organisation handling Personal Information would implement to appropriately protect that information.
Services – means the services provided by ESA to LECs under these terms and conditions, including specifically the provision of Agency Checks.
VEVO Check – means the document or data file that ESA provides to LEC(s) containing the relevant Visa Entitlement Information.
Visa Entitlement Information – means the visa status, work entitlement(s) and other information received from DIBP about an individual.
Website – means the ESA website located at employmentscreeningaustralia.com.au (or any successor website as notified to the LEC from time to time).
Web Tools – means any software, interface or other tools made available to the LEC by ESA to enable the LEC to receive the benefit of the Services.
In these terms and conditions, unless the contrary intention appears;
- headings are for ease of reference only and do not affect the meaning of these terms and conditions;
- the singular includes the plural and vice versa and words importing a gender include other genders;
- other grammatical forms of defined words or expressions have corresponding meanings;
- a reference to a clause, paragraph, schedule or attachment is a reference to a clause or paragraph of or schedule or attachment to these terms and conditions and a reference to these terms and conditions includes any schedules and attachments;
- a reference to a document or agreement, including these terms and conditions, includes a reference to that document or agreement as novated, altered or replaced from time to time;
- a reference to a party includes its executors, administrators, successors and permitted assigns;
- the meaning of general words is not limited by specific examples introduced by including, for example or similar expressions;
- any agreement, representation, warranty or indemnity by two or more parties (including where two or more persons are included in the same defined term) binds them jointly and severally;
- words and expressions importing natural persons include partnerships, bodies corporate, associations, governments and governmental and local authorities and agencies; and
- a reference to any statute or other legislation is to a statute or other legislation as amended or replaced from time to time.
- Service Delivery and Use
2.1 Performance of Services
- provide the Services; and
- permit the Individual Applicant or LEC to access and use the Web Tools for the purposes of receiving the benefit of the Services.
2.2 Access to the Web Tools
- The Individual Applicant or LEC must;
- at its cost, provide appropriate access devices, software, operating conditions, cabling, telephone lines, modems and internet connections required for it to access the Web Tools and otherwise receive the benefit of the Services;
- ensure that no unauthorised use is made of the Web Tools;
- comply with all of ESA operating and security requirements and procedures relating to;
- access to the Web Tools; and
- the use of the Services, (including in respect of passwords and other security information) as displayed on the Website or otherwise notified to the Individual Applicant or LEC from time to time.
- other than as expressly permitted under these terms and conditions, not obtain (nor attempt to obtain) any access to, or interfere with;
- any programs or data of ESA or any other client of ESA; or
ii any part of the ESA Systems, hardware, software or networks.
- not introduce any Harmful Code into the ESA Systems.
- If the Individual Applicant or LEC becomes aware of, or suspects that a breach of any of the obligations set out in this clause 2.2 has occurred, the Individual Applicant or LEC must promptly notify ESA, in which case ESA may take such action as it considers appropriate (which may include changing the Individual Applicant or LEC’s passwords and other security information.
2.3 No Guarantee of continuity of Services
- Despite anything else in these terms and conditions, ESA does not undertake, warrant or guarantee that the Services (including access to the Web Tools or other ESA Systems) will be uninterrupted, continuous or error or defect free.
- The Individual Applicant and LEC acknowledges and agrees that its use of the Services is dependent on, and affected by, a number of environmental and other factors outside of the reasonable control of ESA (‘External Factors’).
- To the maximum extent permitted by law ESA (and its directors, employees and agents) will have no liability whatsoever relating to any failure of, or interruption in the performance of, the Services resulting from any external factors.
- In the event of failure of the Services, ESA will use reasonable commercial endeavours to restore the Services to an operational state with the minimum practicable delay.
- The Individual Applicant or LEC acknowledges that, from time to time, ESA will conduct routine and other maintenance on the Website and the ESA Systems.
- The Individual Applicant or LEC acknowledges and agrees that ESA may suspend the Services (including the Individual Applicant or LEC’s access to the Web Tools) if;
- ESA is required to do so by Law or any Governmental Agency; or
- the Individual Applicant or LEC breaches any provision of these terms and conditions.
2.4 Agency Information
- Agency Information is provided to ESA by Government Agencies and authorised third parties (including ACIC, VEVO and ASIC in Australia), and ESA uses this information to provide Agency Checks to Individual Applicants and LECs (including, without limitation, Police Checks, VEVO Checks and Bankruptcy Checks).
- ESA does not have direct access to any Agency Information, and ESA relies on the information provided to it from the relevant Government Agency or authorised third party (as the case may be) to perform the Services and provide Agency Checks to Individual Applicants or LECs.
- Individual Applicant or LEC acknowledges that;
- ESA does not have direct access to Agency Information (including without limitation Police History Information or Visa Entitlement Information);
- ESA is not responsible for Agency Information (including without limitation Police History Information or Visa Entitlement Information) provided to Individual Applicant or LEC on any Agency Check;
- ESA cannot change, modify or adapt any Agency Information on any Agency Check (including without limitation any Police Check, VEVO Check or Bankruptcy Check); and
- the accuracy and quality of Agency Information is dependent on the relevant Government Agency or authorised third party (as the case may be), and ESA is not responsible for any inaccurate information provided to LECs.
2.5 Information provided by the Individual Applicant or LEC
- Without limitation to any other consent(s) or approval(s) the Individual Applicant or LEC provides in relation to the Services the Individual Applicant or LEC acknowledges and agrees that;
- the Individual Applicant or LEC consents to ESA using and disclosing Personal Information:
i to conduct any Agency Check that is the subject of the Individual Applicant or LEC’s Customer Request;
- as required by ESA to provide the Services and perform its obligations under these terms and conditions; and
- The Individual Applicant or LEC is solely responsible and liable for ensuring that all information provided to ESA by the Individual Applicant or LEC (including any Personal Information) is accurate, complete and up to date, is not misleading, does not infringe any other person’s rights and is not provided in breach of any applicable Law. ESA is not responsible for any consequences if ESA has relied on information provided by the Individual Applicant or LEC, and such information is inaccurate or incomplete.
- LEC’s Obligations
3.1 Licenses and Compliance
- The LEC must;
- comply with all applicable Laws;
- comply with ESA directions, policies and procedures relating to the use of the ESA Systems and the Service including, but not limited to;
- any applicable Law (including the Privacy Laws); or
- any other rules or guidelines posted on the Website or otherwise notified to the LEC by ESA from time to time;
- not act in any way that may have a detrimental effect on the good will or good standing of ESA;
- not act in a way that may expose ESA to the risk of any legal or administrative action including prosecution under any Laws; or
- not act in a way that will interfere with or disrupt ESA’s business.
3.2 Responsibility for Usage of Services
- The LEC is solely responsible for all lodgements of LEC Requests (whether on its own behalf or on behalf of a third party).
- The LEC acknowledges and agrees that, notwithstanding paragraph (1), ESA may, in their absolute discretion, monitor the LEC Requests being lodged by or on behalf of the LEC using the Services.
- The LEC must bear all costs arising out of any complaints made in connection with the LEC Requests lodged (including complaints made by any Governmental Agency).
- On request by ESA from time to time, the LEC must provide ESA with information that ESA may reasonably request concerning the LEC’s use of the Services.
- Payment and Charging
4.1 Variation to Fees
- ESA may from time to time, in its absolute discretion, vary the Fees with respect to Services.
- ESA undertakes to inform Individual Applicant or LEC, in advance, of any fee increases.
- In lodging a Customer Request, the Individual Applicant or LEC is considered to have acknowledged and accepted the fees that are current on the date of lodgement.
4.2 Basis for charging
The Individual Applicant and LEC agrees that;
- each time the Individual Applicant or LEC lodges a Customer Request the Individual Applicant or LEC will be charged the Fees (which may be varied by ESA from time to time in accordance with clause 3);
- when a Customer Request is received from an Individual Applicant or LEC, the Fees will be charged to the Individual Applicant or LEC as soon as a Customer Request is entered into the ESA Systems and regardless of whether or not the Customer Request has been checked for accuracy or completeness; and
- the Fees will be set by ESA and as varied under clause 3.
- ESA is under no obligation to provide the Services if the Individual Applicant or LEC has not paid Fees to ESA in clear funds on the due date for payment.
- If the Individual Applicant or LEC fails to comply with any of these terms and conditions, any money which the Individual Applicant or LEC has paid to ESA on account of any Customer Request may be forfeited to ESA. ESA may also take legal action against a LEC to recover the balance of the Fees and any other amounts owing to it under these terms and conditions.
4.3.1 Extenuating Circumstances
- ESA only offers refunds where ESA determines, at its discretion, that extenuating circumstances apply to the Individual Applicant or LEC. Without limitation, Individual Applicants or LECs will not be eligible for a refund of any amounts paid with respect to the Services if the Individual Applicant or LEC has not;
- provided true and correct information with respect to any relevant Customer Request;
- properly and accurately completed any online application with respect to the relevant Agency Check;
- properly provided all consents (including by signing and dating any pre-populated informed consent form) required by ESA with respect to the relevant Services; or
- properly provided all identification information required by ESA with respect to the relevant Services.
4.3.2 No Refund
- ESA is not responsible for, and the Individual Applicant or LEC acknowledges that the Individual Applicant or LEC is not entitled to, any refund with respect to;
- data entry errors that have been made by the Individual Applicant or LEC, the failure by the Individual Applicant or LEC to provide required details and other information (including identification information), or the provision by the Individual Applicant or LEC of false or incorrect information with respect to the relevant Customer Request;
- Individual Applicants or LECs that have changed their mind after completing a Customer Request;
- selection by the Individual Applicant or LEC of the wrong Agency Check type and/or reason for the Agency Check when completing the relevant Customer Request; or
- failure by the Individual Applicant or LEC to properly complete a Customer Request, including by failing to sign, date and return any informed consent form required with respect to the Services.
4.3.3 Refund Charge
- ESA may charge a non-negotiable refund-processing fee of $7.50 (GST inclusive) with respect to any request for a refund.
- The refund-processing fee will be subtracted from any refund amount that is approved by ESA and will be retained by ESA.
- To request a refund, please email
- Refund requests must include the Individual Applicant’s first name and surname, date of birth, the reference number with respect to the relevant Services (if possible), and a brief description of why the refund is required. ESA will then assess the refund request and determine if the Individual Applicant or LEC is eligible for a refund.
- To the full extent permitted by Law, ESA reserves the right to reject any application for a refund in its absolute discretion.
- Termination of Customer Request
5.1 Right to not proceed with a Customer Request
- ESA may, at its sole discretion, choose to withdraw and not proceed with completion of a Customer Request if;
a for individuals applying online, the application process cannot be completed without a valid credit card/ payment
- For LECs, fees are not paid in full by the due date; or
- ESA is unable to contact the Individual Applicant or LEC for any reason.
5.2 Incomplete Customer Requests
- The Individual Applicant or LEC must complete all Customer Requests within three months after the Commencement Date.
- If, for whatever reason, the Individual Applicant or LEC fails to complete a Customer Request within this time (including, without limitation, where ESA has requested further information from the Individual Applicant or LEC and the Individual Applicant or LEC has failed to respond), ESA may, in its absolute discretion, cancel or archive the Customer Request and any money that has been paid to ESA, on account of that Customer Request, will be forfeited to ESA and ESA is released from all Claims and any obligations to provide the Services in connection with that Customer Request.
6.1 Defined terms
- In this clause 6, a word or expression defined in the A New Tax System (Goods `and Services Tax) Act 1999 (Cth) has the meaning given to it in that Act.
6.2 GST inclusive amounts.
- For the purposes of these terms and conditions, where the expression GST Inclusive is used in relation to an amount payable or other consideration to be provided for a supply under these terms and conditions, the amount or consideration will not be increased on account of any GST payable on that supply.
6.2 Consideration GST exclusive
- Any consideration to be paid or provided for a supply made under or in connection with these terms and conditions, unless specifically described in these terms and conditions as GST inclusive, does not include an amount on account of GST.
6.3 Gross up of consideration
- Despite any other provision in these terms and conditions, if a party (Supplier) makes a supply under, or in connection with, these terms and conditions on which GST is imposed (not being a supply the consideration for which is specifically described in these terms and conditions as GST inclusive);
- the consideration payable or to be provided for that supply under these terms and conditions but for the application of this clause (GST exclusive consideration) is increased by, and the recipient of the supply (Recipient) must also pay to the Supplier, an amount equal to the GST payable by the Supplier on that supply; and
- the amount by which the GST exclusive consideration is increased must be paid to the Supplier by the Recipient without set off, deduction or requirement for demand, at the same time as the GST exclusive consideration is payable or to be provided.
6.4 Reimbursement (net down)
- If a payment to a party under these terms and conditions is a reimbursement or indemnification, calculated by reference to a loss, cost or expense incurred by that party, then the payment will be reduced by the amount of any input tax credit to which that party is entitled for that loss, cost or expense.
- Other Taxes
- Except as otherwise specified in these terms and conditions, the Fees and any other fees and charges payable by the Individual Applicant or LEC under these terms and conditions are exclusive of all taxes, duties and charges imposed or levied in Australia or overseas in connection with these terms and conditions or the Services, which are the responsibility of the Individual Applicant or LEC. Without limiting the foregoing, the LEC is solely responsible for any taxes, duties or charges imposed subsequent to the Commencement Date in respect of these terms and conditions.
- Intellectual Property Rights
8.1 ESA IP Rights
- The LEC acknowledges that, unless and to the extent stipulated to the contrary in these terms and conditions, ESA remains the sole owner of and retain all Intellectual Property Rights with respect to the Services, including specifically all Intellectual Property Rights in and;
- to the Website and the ESA Systems;
- all ESA Pre-Existing IPR; and
- all documentation, know-how, methodologies, equipment, systems, processes and other materials supplied or made available to the LEC under, or in connection with, these terms and conditions, and nothing in these terms and conditions transfers or assigns to the LEC any of those rights.
8.2 LEC IP Rights
- ESA acknowledges and agrees that, as between the parties, the LEC retains all Intellectual Property Rights in the LEC Data.
- The LEC grants to ESA a non-exclusive, non-transferable, royalty-free licence to use and reproduce the LEC Data solely for the purpose of enabling ESA to discharge its obligations under these terms and conditions.
- The Accredited Body grants to the LEC a royalty-free, non-exclusive licence to use and communicate Police Information in accordance with this Terms of Service.
8.3 Commonwealth IP Rights
- Intellectual Property in Police Information is owned by the Commonwealth and the Australian police agencies. Nothing in this Terms of Service affects the ownership of Intellectual Property in Police Information (including any copy thereof) provided to the LEC.
- No change to ownership of other relevant documents
- Nothing in this Contract affects the Commonwealth’s ownership of Intellectual Property in any other material relevant to or associated with the Service, including branding, graphic design, policies, guidance materials,
certificates and forms.
9.1 Each party;
- agrees to be bound by the Privacy Laws applicable to it with respect to any act done, or practice engaged in, by the party for the purposes of these terms and conditions (including, in relation to the LEC, in respect of the collection, use, disclosure and storage of the Personal Information);
- must (and must ensure that its Personnel) comply with;
- the Privacy Laws and all guidelines issued by applicable privacy office (and any similar regulatory bodies); and
- the privacy procedures or policies of ESA as varied by ESA from time to time.
- must notify the other party immediately;
- of any complaint from any person alleging a breach of the Privacy Laws;
- if it becomes aware of a breach, or a suspected or possible breach, by it of any of its obligations under this clause 9; or
iii. if it becomes aware that any disclosure of Personal Information may be required by Law.
- cooperate with the other party in;
- resolving any complaint alleging a breach of the Privacy Laws or any privacy statement regarding any Personal Information; and
- providing access to any record of Personal Information following a request from an individual; and
- take appropriate technical and organisational measures to prevent (to the extent reasonably practicable);
- unauthorised or unlawful use or disclosure of; and
- accidental loss or destruction of, or damage to, Personal Information.
- Data Protection
- ESA will, in accordance with its Information Security Policy;
- only use Individual Applicant or LEC Data held by ESA (or to which ESA has access);
- for the purpose of fulfilling its obligations under these terms and conditions;
- as required by any applicable Law and, where applicable, under any agreement ESA has with a Government Agency in relation to the provision of the Services (including specifically any agreement ESA has with ACIC with respect to the National Police Checking Service established by ACIC); and
- establish and maintain reasonable safeguards against the destruction, loss or alteration of Individual Applicant or LEC Data in the possession, custody or control of ESA; and
- use its reasonable endeavours to protect the Individual Applicant or LEC Data from destruction, loss, alteration or security breaches while the LEC Data is stored in the ESA Systems.
11.1 The LEC warrants to ESA that;
- it has the requisite power and authority to enter into these terms and conditions and to carry out the obligations contemplated by these terms and conditions;
- the transmission of Customer Requests (or related data or information) will not infringe the Intellectual Property Rights or other rights of any person, it holds (and will at all times continue to hold) all rights permits, licences, authorisations and accreditations required for it to perform its obligations under these terms and conditions; and
- the performance of its obligations under these terms and conditions will comply with all such rights, permits, licences, authorisations and accreditations; and
- not contravene any applicable Laws.
- Exclusion of Warranties and Limited Liability
12.1 Exclusion of warranties
- ESA excludes all express and (to the maximum extent permitted by law) implied conditions, warranties and liabilities, except for any liability or implied condition or warranty the exclusion or limitation of which would contravene any applicable statute or cause any part of this clause to be void (Non-excludable Condition).
- To the maximum extent permitted by law, ESA’s liability to the LEC for breach of any Non-excludable Condition is limited, at ESA’s option, to;
- in the case of goods, repair or replacement of the goods or payment of the cost of the repair or replacement; and
- in the case of services, resupply of the services or payment of the cost of the resupply.
12.2 Exclusion of liability
- ESA excludes all liability;
- in relation to Customer Requests (or related data or information) transmitted by the Individual Applicant or LEC using the Services (including any liability to third parties arising as a result of the transmission of any Customer Requests (or related data or information));
- for loss of revenue, loss of goodwill, loss of capital, downtime costs, loss of profit, loss of or damage to reputation, loss under or in relation to any other contract, loss of data, loss of use of data, loss of anticipated savings or benefits, the cost of procuring any substitute services, or any indirect, consequential or special loss, damage, cost or expense or other Claims for consequential compensation, incurred by or awarded against the LEC under or in any way connected with these terms and conditions or the provision of the Services;
- in relation to any condition, warranty, right or liability which would otherwise be implied in these terms and conditions or protected by law;
- in relation to any error or omission in any ESA Check;
- in relation to the accuracy or completeness of the Agency Information, to the extent that it is dependent on a number of factors outside ESA’s control (such as the accuracy and operation of ACIC’s National Police Checking Service or DIBP’s online visa checking service); and
- in relation to the security and operation of the Services and the process of provision of any Agency Checks, to the extent that they may be dependent on matters beyond the control of ESA (such as the respective Government Agencies’ or police authorities’ systems and databases, internet connectivity and network issues as well as routine maintenance or downtime).
12.3 Liability cap
- Subject to Clause 12.2 and 12.4, but despite any other provision of these terms and conditions, ESA’s total aggregate liability for any and all Damages suffered or incurred by the LEC under or in any way connected with these terms and conditions or the provision of the Services is limited to an amount equal to the Fees paid by the LEC to ESA under these terms and conditions.
12.4 Application of exclusions and limitations
- The exclusions and limitations of liability in Clause 12.2 and 12.3 apply whether the relevant Claim is made under statute, in tort (for negligence or otherwise), under an indemnity, in equity or otherwise; and do not exclude or limit the application of any provision of any statute (including the Competition and Consumer Act 2010 (Cth)) where to do so would contravene that statute; or cause any part of this clause to be void.
- The Individual Applicant or LEC indemnifies ESA and its Personnel (those indemnified), and will hold those indemnified harmless, against all Damages suffered or incurred by any or all of those indemnified arising, directly or indirectly, out of or in connection with;
- a breach of these terms and conditions by the Individual Applicant or LEC;
- the transmission of any Customer Requests or Agency Checks (including any Damages sustained or incurred by those indemnified in connection with complaints or Claims relating to any Customer Requests or Agency Checks);
- any negligent or fraudulent act, error or omission on the part of the Individual Applicant, the LEC or its Personnel;
- loss of or damage to any property or injury to or death of any person caused by any act or omission of the Individual Applicant, the LEC or its Personnel; or
- any Claim by a third party against ESA relating to the Services or the subject matter of these terms and conditions.
- Termination and Suspension of Service
14.1 Termination by the LEC for convenience
- The LEC may terminate these terms and conditions at any time, for convenience, by giving ESA five business days’ notice in writing to that effect.
14.2 Termination by ESA
- Notwithstanding any other provision in these terms and conditions, ESA reserves its right to withdraw or suspend any Services for any reason that ESA deems appropriate.
- ESA may, at its absolute discretion and without giving any reason, refuse to provide Services to a LEC or any person or persons.
14.3 Termination by ESA for cause
- ESA may terminate these terms and conditions immediately by notice to the LEC if;
- the LEC commits any breach of these terms and conditions that is;
- capable of remedy and the LEC fails to remedy the breach within 14 business days after receiving written notice requiring it to do so; or
- incapable of remedy.
- the LEC ceases to be able to pay its debts as they become due or fails to comply with a statutory demand;
- any step is taken by a mortgagee to take possession or dispose of the whole or part of the LEC’s assets, operations or business;
- any step is taken to enter into any arrangement between the LEC and its creditors;
- any step is taken to appoint a receiver, a receiver and manager, a trustee in bankruptcy, a provisional liquidator, a liquidator, an administrator or other like person of the whole or part of the LEC’s assets, operations or business;
- the LEC disposes of the whole or part of its assets, operations or business other than in the ordinary course of business;
- the LEC ceases to carry on business; or
- where the LEC is a partnership, any step is taken to dissolve that partnership.
- the Accredited Body is satisfied on reasonable grounds that the LEC is unable or unwilling to satisfy the terms of this Contract;
- anything analogous to, or of a similar effect to, anything described in subclauses 14.3 (1) a – i occurs in respect of the LEC; or
- another provision of this Contract allows for termination under this clause 14.3
- This clause 14.3 does not affect the Accredited Body’s other rights under this Contract or otherwise at law.
14.4 Termination of Website access
- Access to the Website may be terminated at any time by ESA without notice. Any provisions of these terms and conditions that can survive termination will nevertheless survive any such termination.
14.5 Termination of Accredited Body’s Agreement with ACIC
- ESA may terminate this service or reduce the scope of the service (including by reducing or removing any nationally coordinated criminal history check categories) by notice at any time, as a result of a termination or reduction of Scope of ESA’s agreement with the ACIC.
2 The LEC will not be entitled to any compensation whatsoever including for loss of prospective profits or loss of any benefits that would have been conferred on the LEC if the termination or reduction had not occurred. ESA will only be liable for repayment of any outstanding nationally coordinated criminal history checks requested, and paid for, by the LEC prior to the effective date of termination.
3 This clause 14.5 does not affect the Accredited Body’s other rights under this Contract or otherwise at law.
- Consequences of Termination
15.1 On expiry or termination of these terms and conditions for any reason the LEC must;
- promptly return or delete all materials, information and documentation provided to it by ESA in connection with these terms and conditions;
- refrain from accessing or using any ESA Systems (including the Web Tools), and ensure that none of its Personnel access or use any of the ESA Systems
15.2 ESA may;
- retain any Fees that have been paid to it;
- terminate all means or modes of access and use of the ESA Systems by the LEC and its Personnel; and be regarded as discharged from any further obligations under these terms and conditions.
15.3 Despite anything else in these terms and conditions,
the LEC acknowledges and agrees that ESA may keep a reasonable number of copies of;
- the LEC’s Confidential Information disclosed to ESA under these terms and conditions; and
- the LEC Data, for record keeping and quality control purposes, to allow ESA to comply with all applicable Laws.
- Accrued Rights and Remedies
- Termination of these terms and conditions will not prejudice any right of action or remedy which may have accrued to either party prior to such termination.
- Notices and Other Communications
17.1 Service of notices
- Except as otherwise provided under these terms and conditions, a notice, demand, consent, approval or communication under these terms and conditions (Notice) must be;
- in writing, in English and signed by a person duly authorised by the sender; and
- hand delivered or sent by prepaid post or email to: PO Box 908, Maroochydore Q4556 OR
17.2 Effective on receipt
- A Notice given in accordance with this clause takes effect when taken to be received (or at a later time specified in it), and is taken to be received;
- if hand delivered, on delivery;
- if sent by email, two hours after the time that the email is sent (unless the sender receives notification during that time that delivery of the email was not successful);
- if sent by prepaid post, on the second Business Day after the date of posting (or on the seventh Business Day after the date of posting if posted to or from a place outside Australia); or
- if sent by facsimile, when the sender’s facsimile system generates a message confirming successful transmission of the entire Notice unless, within eight Business Hours after the transmission, the recipient informs the sender that it has not received the entire Notice, but if the delivery, receipt or transmission is not on a Business Day or is after 5.00pm on a Business Day, the Notice is taken to be received at 9.00am on the next Business Day.
- Verification Functionality
- ESA may embed, incorporate or use verification functionality or features with respect to Agency Checks, which may include providing access to an online verification of the Agency Information contained in the relevant Agency Check, or such other security or integrity measures as determined by ESA.
- The Individual Applicant or LEC acknowledges and agrees that, by forwarding or making available, or by permitting ESA or another party to forward or make available, an Agency Check to a third party, the Individual Applicant or LEC consents and agrees that such third party may also access the relevant Agency Information of the relevant individual (being the subject of the Agency Check), and use such verification functionality or features with respect to the Agency Check.
- The Individual Applicant or LEC acknowledges and agrees that providing such third parties with access to the relevant Agency Information in accordance with such verification functionality or features is appropriate and reasonable, and required to maintain security and integrity of the relevant Agency Check.
- ESA reserves the right to amend these terms and conditions from time to time.
- Amendments will be effective immediately upon uploading on the Website. The Individual Applicant or LEC’s continued use of the Website (or submission of any Customer Requests) following such uploading will represent an agreement by the Individual Applicant or LEC to be bound by these terms and conditions as amended.
- The Individual Applicant or LEC agrees that it is responsible for checking the Website and reviewing the latest version of these terms and conditions to ensure that it is satisfied with the terms and conditions as applicable at any given time, before submitting Customer Requests which will be subject to the applicable terms and conditions at that time.
19.2 Approvals and consents
- Except where these terms and conditions expressly states otherwise, a party may, in its discretion, give conditionally or unconditionally or withhold any approval or consent under these terms and conditions.
- The LEC may only assign its rights under these terms and conditions with the prior written consent of ESA.
19.4 Force Majeure
- Neither party is liable for any failure to perform or delay in performing its obligations under these terms and conditions if that failure or delay is due to anything beyond that party’s reasonable control.
- This clause does not apply to any obligation to pay money.
- The deadline for any obligation that is affected by the Force Majeure will be extended by a period equivalent to the period for which the Force Majeure has prevented that obligation being performed.
19.5 Further action
- Each party must do, at its own expense, everything reasonably necessary (including executing documents) to give full effect to these terms and conditions and any transaction contemplated by it.
- Any indemnity or any obligation of confidence under these terms and conditions is independent and survives termination of these terms and conditions.
- Any other term by its nature intended to survive termination of these terms and conditions survives termination of these terms and conditions.
- Each clause of these terms and conditions and each part of each clause must be read as a separate and severable provision.
- If any provision is found to be void or unenforceable, that provision may be severed and the remainder of these terms and conditions will continue in force.
- A party does not waive a right, power or remedy if it fails to exercise or delays in exercising the right, power or remedy.
- A single or partial exercise of a right, power or remedy does not prevent another or further exercise of that or another right, power or remedy.
- A waiver of a right, power or remedy must be in writing and signed by the party giving the waiver.
- If we waive any rights available to us under these terms and conditions on one occasion, this does not mean that those rights will automatically be waived on any other occasion.
- Except where these terms and conditions expressly states otherwise, it does not create a relationship of employment, trust, agency or partnership between the parties.
19.10 Governing law and jurisdiction
- These terms and conditions are governed by the laws of Queensland, Australia, and each party irrevocably and unconditionally submits to the non-exclusive jurisdiction of the courts of Queensland, Australia.
- The Website may contain links to other websites (linked websites). Those links are provided for convenience only and may not remain current or be maintained.
- ESA is not responsible for the content or privacy practices associated with linked websites.
- The links with linked websites should not be construed as an endorsement, approval or recommendation by ESA of the owners or operators of those linked websites, or of any information, graphics, materials, products or services referred to or contained on those linked websites, unless and to the extent stipulated to the contrary.
- Police Checks
1 General obligations
1.1 The Individual Applicant or LEC must;
(a) not provide use of the Service or access to nationally coordinated criminal history checks to other parties
(b) not send any Police Information or Personal Information about an Applicant to an overseas recipient unless the LEC has the prior approval of the Individual Applicant;
(c) act in accordance with the Privacy Act, as if it were an APP Entity;
(d) grant ESA or its authorised officer a right of access to the LEC’s premises (and to data, records and other material relevant to the use of the Service and the handling of Police Information, including the right to copy), which ESA must exercise reasonably and subject to the LEC’s reasonable safety and security requirements;
1.2 The Accredited Body will not submit to the ACIC any request for a nationally coordinated criminal history check unless it has collected the Applicant’s Application and Informed Consent in accordance with the requirements set out in the Accredited Body’s Contract for Access to the NSS.
- Limitations of Service
2.1 The Individual Applicant or LEC acknowledges and agrees that the provision of a nationally coordinated criminal history check to the Individual Applicant or LEC is for use on the following conditions:
(a) the ACIC makes no representation or warranty of any kind in respect to accuracy; and
(b) the ACIC does not accept responsibility or liability for any omission or error in the nationally coordinated criminal history check.
- Suspension of Service by ACIC
3.1 In the event that;
(a) the ACIC suspends or reduces ESA’s level of access to, or use of, the Service; and
(b) that suspension or reduction affects ESA’s ability to provide the Service to the LEC, the LEC acknowledges that its level of access to, or use of, the Service will also be suspended or reduced by ESA or the ACIC.
- Protection of Police Information and other Personal Information
4.1. The LEC acknowledges that its use of the Service involves;
(a) the collection, use and possible disclosure by the LEC of Personal Information or Police Information.
4.2 The LEC must in its use of the Service;
(a) collect, use or disclose Personal Information and Police Information only for the nationally coordinated criminal history check category and related administration;
(b) not collect, transfer, store or otherwise use Police Information outside Australia, or allow parties outside Australia to have access to Police Information, unless a Permitted Offshore Transfer circumstance applies;
(c) not disclose Police Information other than for the purpose for which the Applicant gave Informed Consent unless it has the prior written approval of the ACIC;
(d) not commit any act, omission or engage in any practice which is contrary to Australian Privacy Law;
(e) not do any act or engage in any practice that would be a breach of an APP or a Registered APP Code (where applied to the Legal Entity LEC)
(f). implement Safeguards to keep Personal Information and Police Information secure;
(g) comply with any directions or guidelines in relation to the treatment of Personal Information and Police Information, notified to the LEC by ESA; and
(h) ensure that all Personnel who are required to deal with Personal Information and Police Information are made aware of the obligations of the LEC set out in this clause 20 (4.2).
4.4 The LEC must not alter the content of a nationally coordinated criminal history check provided to the LEC by the Accredited Body or by the ACIC, including;
(a) any Police Information;
(b) any Personal Information
4.5 The LEC must destroy or securely dispose of all hard and electronic copies (including backed up versions held on servers or other media) of each nationally coordinated criminal history check within twelve (12) months following the receipt of the nationally coordinated criminal history check.
4.6. LEC to give notice of breach or possible breach of clause 20 (4).
4.7 LEC must notify the Accredited Body immediately if the LEC becomes aware of a breach or possible breach of any of the obligations contained in, or referred to in this clause 20 (4), whether by the LEC or its Personnel.
- Audits and Access to Premises and Information.
5.1 The ACIC, including its authorised Personnel, may conduct audits relevant to the LEC’s compliance with this Contract. Audits may be conducted of:
(a). the LEC’s operational practices and procedures as they relate to police checks.
(b). the LEC’s compliance with its privacy and confidentiality obligations under this Contract including that the nationally coordinated criminal history check has been used only for the nationally coordinated criminal history check category; and
(c) any other matters determined by the ACIC to be relevant to the use of the Services or the performance of the service.
5.2 The LEC must participate promptly and cooperatively in any audits conducted by the ACIC or its authorised Personnel.
5.3 Each Party must bear its own costs associated with any audits.
5.4 For the purposes of the ACIC conducting audits under this clause 20 (5), the LEC must, as required by the ACIC or its authorised Personnel;
(a) grant the ACIC and its authorised Personnel access to the LEC’s premises and data, records and other material relevant to the performance of this Contract; and
(b) arrange for the ACIC and its authorised Personnel to inspect and copy data, records and other material relevant to the performance of this Service.
5.5 The rights referred to in this clause 20 (5) are, wherever practicable, subject to;
(a) the ACIC providing the LEC with at least three (3) business days’ prior notice; and
(b) the LEC’s reasonable security requirements or codes of behaviour, except where the ACIC or its authorised Personnel believes that there is a suspected or actual breach of law.
5.6 The rights of the ACIC under this clause 20 (5) apply equally to;
(a) the Auditor-General or a delegate of the Auditor-General;
(b) the Privacy Commissioner or a delegate of the Privacy Commissioner;
(c) the Commonwealth Ombudsman or a delegate of the Commonwealth Ombudsman, for the purpose of performing the Auditor-General’s, Privacy Commissioner’s or the Commonwealth Ombudsman’s statutory functions or powers.
- Access to Documents
6.1 If the Commonwealth receives a request for access to a document created by or in the possession of the LEC that relates to this Service the ACIC or Accredited Body may, at any time by notice, require the LEC to provide the document to the ACIC and the LEC must, at no additional cost to the Commonwealth or ESA, promptly comply with the notice.
6.2 If the LEC receives a request for access to a document in its possession that relates to this Service, LEC must consult with ESA and the ACIC upon receipt of the request.
- Security of Commonwealth’s Confidential Information
7.1 The LEC agrees to secure all of the Commonwealth’s Confidential Information (including Police Information) against loss and unauthorised access, use, modification or disclosure.
7.2 The LEC must secure Personal Information belonging to Applicants against loss and unauthorised access, use, modification or disclosure, and notify the Applicant of these risks.
7.3 The LEC must, on request by the Accredited Body or the ACIC at any time, promptly arrange for the LEC’s Personnel to give a written undertaking in a form acceptable to ESA or the ACIC relating to the use and non-disclosure of the Commonwealth’s Confidential Information (including Police Information).
7.4 The obligations under this clause 20 (7) survive the expiry or termination of the service and exist in perpetuity, unless otherwise notified by ESA or the ACIC.
7.5 The obligations contained in this clause 20 (7) are in addition to those specified in clauses 8 and 20 (2).
- Dispute Resolution
8.1 This clause (20) 8 applies only to disputes regarding these Terms and Conditions. Disputes arising from nationally coordinated criminal history checks are to be handled by ESA in accordance with ESA’s ACIC Agreement.
8.2 The LEC agrees to provide the ACIC with any information or materials reasonably requested by the ACIC, in order to allow the ACIC to resolve any dispute between itself and ESA.
8.3 A Party must comply with the following procedure in respect of any dispute arising under this Contract:
- the Party claiming that there is a dispute will send the other Party a notice setting out the nature of the dispute (‘Dispute Notice’);
- the Parties will try to resolve the dispute through direct negotiation, including by referring the matter to persons who have the authority to intervene and direct some form of resolution.
9.1 The termination or expiration of this Contract will not affect the continued operation of this clause 9 and any provision of this Contract which expressly or by implication from its nature is intended to survive including clauses 20 (4) (protection of Police Information and other Personal Information) and 20 (5) (Audits and access to premises and information).
10.1 A Party (‘First Party’) giving notice to the other Party under this Contract must do so in writing and that notice must be signed by the First Party’s authorised officer, marked for the attention of the other Party’s authorised officer and hand delivered or sent by prepaid post or email to the other Party’s address for notices.
10.2 A notice given in accordance with clause 20 (8) is received:
- if hand delivered or if sent by pre-paid post, on delivery to the relevant address; or
- if sent by email, when received by the addressee or when the sender’s computer generates written notification that the notice has been received by the addressee, whichever is earlier.
- Terms and Conditions When Conducting Police
11.1. The LEC agrees to be bound by the Terms and Conditions of Service.
- Protection of Personal Information and Police Information Safeguards
(a) In accessing the Service, LECs must implement the security management measures set out in this clause 12 to ensure against:
(i) misuse, interference, loss, unauthorised access, modification or disclosure of Applicant’s Personal Information;
(ii) unauthorised access to and use of the Service; a. unauthorised access to Police Information in the Service Support National Police Checking Service Support System (NSS); and
(iii) loss and unauthorised access, use, modification or disclosure of Police Information stored outside of NSS.
(b) This information is provided to assist LECs understand their obligations and comply with the ACIC’s security management standards.
- Information Security Policy
(a) The LEC must develop, document and maintain an Information Security Policy (Policy) that clearly describes how it protects information.
(b) The Policy should be supported by the LEC’s senior management and be structured to include any legal framework relevant to the Policy, such as the Australian Crime Commission Act 2002 (Cth) and this Contract.
(c) The Policy must include adequate details on how it is enforced through physical, technical and administrative controls, including details on:
(i) the type or class of information that the Policy applies;
(ii) information security roles and responsibilities relating to the Service;
(iii) security clearance requirements and its Personnel’s responsibilities;
(iv) configuration and change control;
(v) technical access controls;
(vi) staff training;
(vii) networking and connections to other systems;
(viii) physical security (including media security); and
(ix) incident management.
- Technical Access
(a) The LEC’s ICT environment must be secured in accordance with the Policy and should:
(i) be protected by appropriately configured gateway environment (including firewalls);
(ii) include technical access controls protecting any National Police Information stored electronically outside of NSS, for example, restricted file system permissions; and
(iii) maintain a static IP address to avail web services (if applicable).
- Technical Infrastructure
(a) Workstations and server infrastructure involved in the storage or processing of National Police Information and Personal Information should be secured in accordance with the Policy and should:
(i) run current and patched operating systems;
(ii) run current and patched software, including browsers (N-1 on browsers is acceptable providing patching is maintained);
(iii) have anti-virus software application installed up-to-date virus definition files; and
(iv) run application whitelisting software (desirable).
(b) Administrative or privileged access to infrastructure is to be minimised and only used when an administrative function is required.
- Password policy
(a) System accounts that are involved in the storage or processing of National Police Information should be subject to
a password policy that sets out;
(i) no less than 10-character passwords including a minimum of one numerical and one upper case character;
(ii) password reset cycle no longer than 90 days;
(iii) users to select strong passwords (avoid dictionary words);
(iv) ensure unused accounts are disabled and removed; and
(v) computers lock after 15 minutes of inactivity.
(a) All LEC Personnel involved in storage or processing of National Police Information and Personal Information must be provided with the information security awareness training related to;
(i) their responsibilities as defined in the Policy;
(ii) what constitutes authorised access to information; and
(iii) their obligations with regard to reporting of information security issues or incidents.
- Incident Management
(a) Any information security issues or incidents must be reported immediately to the Accredited Body where the consequence may impact or has impacted on the Accredited Body’s or ACIC systems or information. This includes, but is not limited to, loss or compromise of digital certificates or associated passwords.