Cyber-security Policy

1. Introduction

1.1    Cyber security has been identified as a significant risk for Go Auction Ltd. (the "company") and all employees and contractors need to contribute for us to remain secure.

1.2    The company has invested in technical cyber security measures, but we also need our employees and contractors to be vigilant and act to protect the company IT systems.

1.3    This policy provides information about your role in keeping the company secure.

1.4    Please contact Nikki Robinson if you have any questions about cyber security.

1.5    If you are an employee, this policy forms part of your employment contract; if you are a contractor, this policy forms a part of your contract of engagement. Any breach of this policy shall constitute a breach of contract.


2.1    This document was created using a template from SEQ Legal (

Cyber security requirements

3.1    You must:

(a)    choose strong passwords (a strong password contains alpha characters, numbers, special characters, a mix of upper case and lower case characters, and is a minimum of 10 characters in length);

(b)    keep passwords secret;

(c)    never allow any other person to access the company's systems using your login details.

3.2    You must not turn off or attempt to circumvent any security measures (antivirus software, firewalls, web filtering, encryption, automatic updates etc.) that the IT team have installed on your computer, phone or network or the company IT systems.

3.3    You must report any security breach, suspicious activity, or mistake you make that may cause a cyber security breach, to Nikki Robinson immediately. 

3.4    You should avoid clicking on links to unknown websites, or accessing inappropriate content using company equipment or networks.

Consequences of system misuse

4.1    The company considers the following actions to be a misuse of its IT systems or resources:

(a)    any malicious or illegal action carried out against the company or using the company's systems;

(b)    accessing inappropriate, adult or illegal content within company premises or using company equipment;

(c)    excessive personal use of company IT systems during core working hours;

(d)    using company equipment in a way prohibited by this policy;

(e)    circumventing technical cyber security measures implemented by the company; and

(f)    failing to report a mistake or cyber security breach.