
Security Policy:

Smokeball is proud to be an ISO 27001 certified organisation, demonstrating our commitment to maintaining the highest standards of information security. This internationally recognised certification reflects our dedication to protecting our clients' sensitive data and upholding their trust.

We understand that safeguarding information assets is essential to our reputation and the strength of our business relationships. In response to the evolving cybersecurity landscape, Smokeball has implemented comprehensive and robust security measures to protect both our solutions and information assets.

Information security is embedded in every aspect of our operations. Our ISO 27001-certified framework underpins the stringent security practices and secure information handling protocols we apply across all areas of our business. This reinforces our commitment to treating client data with the same level of care and protection as our own critical information.

Clients can be confident that Smokeball prioritises the confidentiality, integrity, and availability of their information—backed by globally recognised standards.

We acknowledge that effective information security is a collaborative effort. As such, Smokeball works closely with our clients, third-party partners, and stakeholders to ensure a comprehensive approach to data protection.

This shared responsibility model allows us to maintain a robust security posture while delivering exceptional service to our clients.

Responsibilities of Smokeball:
  • Smokeball is responsible for safeguarding the infrastructure supporting our services.
  • Smokeball is responsible for securing clients' and partners' data in accordance with relevant laws, Smokeball's security standards, and any agreements with those clients or partners.
Responsibilities of the clients, third parties and partners:
  • Our clients, partners and other third parties are responsible for various security configuration and management tasks, such as choosing secure passwords, not sharing passwords, setting up multi-factor authentication (MFA), managing user permissions, and assessing their own technology-related risks.
  • They are also responsible for ensuring their clients' data is protected and meeting any security requirements imposed by Smokeball.
  • They are responsible for securing their computers and other end user devices. All information on their devices (including cached data from any application) is vulnerable to attack unless proper security controls and protections are in place.

Security Governance and Framework

Our Information Security Management System (ISMS) is certified to the ISO 27001 standard and encompasses comprehensive policies, processes, and controls that protect data confidentiality, integrity, and availability. The framework aligns with Annex A control requirements, which provide a structured approach to access management, data protection, system resilience, and continual improvement.

AWS Security and Compliance

Smokeball’s solutions are hosted on Amazon Web Services (AWS), leveraging AWS’s globally recognised compliance posture. AWS maintains certifications and compliance programs including ISO 27001, ISO 42001, SOC 1, SOC 2, PCI DSS, and GDPR alignment, ensuring our infrastructure adheres to the highest security standards. Our environment benefits from AWS’s multi-layered security model and tools, including virtual firewalls, web application firewalls, intrusion detection, and continuous monitoring to prevent, detect, and respond to potential threats proactively.

Data Protection and Encryption

We employ industry-leading encryption mechanisms to secure data in transit and at rest. All sensitive data is encrypted using AES-256 encryption, ensuring confidentiality and protection from unauthorised access. Communication between systems is secured using TLS 1.2+ to prevent interception during transmission, maintaining integrity and authenticity throughout the data lifecycle.

These measures ensure that your sensitive information is protected from unauthorised access at all times.

Account Security and Access Controls

In alignment with ISO 27001 Annex A controls, Smokeball implements strict access management practices:

  • Multi-factor authentication (MFA) adds an extra layer of protection to account login.
  • Role-based access control (RBAC) enforces least-privilege principles.
  • Periodic reviews of user privileges and account activity.
  • Automated monitoring and alerts for unauthorised and abnormal access attempts.

These controls strengthen identity verification, enhance protection against identity theft and unauthorised access, reduce insider threats, and improve overall account security.

Service Resilience and Availability

Smokeball’s solution is built for resilience. Smokeball’s infrastructure is architected across multiple AWS Availability Zones, delivering high availability and resilience against service disruptions. This geographical redundancy ensures continuous uptime, disaster recovery capabilities, and minimal impact from regional outages — providing uninterrupted service reliability for all clients.

Continuous Improvement

Security at Smokeball is never static. We continually enhance our controls and practices through regular audits, assessments, penetration testing, compliance reviews, security awareness training for all staff, and incident response planning and readiness, all of which support the continual improvement of our security posture.

Smokeball’s commitment to information security ensures our clients can operate with confidence, knowing their data is protected by robust controls and a certified management framework.

How to contact us

If you have any questions about our security practices or would like to report a concern, please send us an email at infosec@smokeball.com.

Questions?

This statement reflects the security policy of SMOKEBALL and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within SMOKEBALL.

For any further questions, please email info@smokeball.com.au or call us on 1300 33 55 53.