Effective Date: May 2025

Context and Background

This document is intended to help provide you with a more detailed understanding of how Vitaport’s cyber security and privacy risks are managed. It outlines quick facts about how we manage Vitaport’s cyber and privacy risks in alignment with best practice, and the models we adopt to do so.

Throughout this document, we use terms such as “we” and “our” as they relate to the different entities involved in Vitaport’s ongoing management, maintenance and development. These entities are described below.

Vitaport

Vitaport is a software product developed by Aspen Medical Technology and is designed to be the pulse of your organisational health and wellbeing. Vitaport helps every individual to thrive in their work environment, with the support of a personalised and inclusive work health program. Vitaport empowers individuals, teams and organisations to prioritise work health and wellbeing by providing a preference-driven platform that offers personalised experiences, enhances productivity and fosters a positive work-life balance.

For the individual user, Vitaport interprets a person’s unique needs, preferences and goals to provide a tailored platform to help enhance control over their wellbeing and work-life balance. Each user receives a personalised dashboard, content recommendations and an AI-powered virtual assistant designed to provide them with an individualised work health experience.

For team leaders and managers, Vitaport’s preference-driven platform improves team performance by cultivating healthier, more satisfied employees. By addressing individual preferences and needs, Vitaport helps increase employee retention and positive workplace cultures. With streamlined management tools and automated reporting, Vitaport simplifies the process of managing work health initiatives and allows managers to monitor participation and uplift morale.

For senior management, Vitaport drives organisational performance and mitigates compliance risks. By prioritising wellbeing, Vitaport helps to position organisations as employers of choice, attract top talent and enhance their image/brand. Vitaport allows leaders to demonstrate commitment to employee wellbeing, regulatory compliance and social responsibility.

Aspen Medical Technology

When this document references Aspen Medical Technology, it means Aspen Medical Technology Pty Ltd, a subsidiary of Aspen Medical. Aspen Medical Technology is the company that owns and operates Vitaport and is responsible for delivering a seamless Vitaport experience to its customers.

Aspen Medical

Where this document refers to Aspen Medical, it means Aspen Medical Pty Ltd. Where this document says “we”, “us” or “our”, it generally refers to Aspen Medical Technology & Aspen Medical together.

Vitaport’s Supply Chain

Vitaport is built by a trusted chain of suppliers including software developers and infrastructure technology providers, who collaborate to develop Vitaport under Aspen Medical Technology’s vision.

Roles and responsibilities

To help clarify the ways which Vitaport, its infrastructure and data is protected, we have developed a shared security responsibility model. Vitaport, its developers and customers, have distinct responsibilities which are clarified in this model below.

User data

Vitaport users own their data. Vitaport collects and processes data on behalf of its users as required to provide and support the Vitaport platform. Users are responsible for ensuring that their data is accurate and that the accounts they use to access Vitaport are kept secure. For example, this means that users are responsible for not sharing their passwords with others, keeping their own devices (which they use to access Vitaport) free from malware and spyware, and for not disclosing the information Vitaport holds about them to unauthorised people. Users of Vitaport are responsible for ensuring that it meets their own jurisdiction-specific legal requirements or obligations.

Application

Vitaport is a software product developed by Aspen Medical Technology and is owned by Aspen Medical Technology and Aspen Medical. Aspen Medical Technology and Aspen Medical are responsible for ensuring that Vitaport’s code is free from vulnerabilities, weaknesses and errors. Aspen Medical Technology and Aspen Medical work with its trusted innovation, development and cyber partners to achieve this.

Infrastructure

Vitaport runs on cloud-based infrastructure which is hosted and maintained by trusted partners. These trusted partners are responsible for ensuring that the infrastructure Vitaport runs on is secure, resilient and meets its uptime guarantees. These partners include Amazon Web Services (for the infrastructure on which Vitaport is hosted) and Triniti Labs (for the maintenance and management of this environment, along with Vitaport’s code).

Our policies and procedures

Under the Aspen Medical Group, we maintain a suite of privacy, data protection and information security policies which are available on our website here: https://www.aspenmedical.com/our-policies.

Security, Assurance, Privacy

Both us and our clients must have confidence that Vitaport is safe and reliable. We build the foundations of this trust so that we can continuously answer three fundamental questions:

1.       How are we managing Vitaport’s cyber risks?

2.       How do we know we’re managing these cyber risks effectively?

3.       How do we maintain high standards for privacy in Vitaport?

It is our job to ensure that our answers to these questions are clear. We must be able to continuously ask these questions and be ready to provide transparent answers with confidence. To help us answer these questions, we:

·         Partner with independent experts to ensure we receive the best advice.

·         Invest in understanding best practice, our gaps, and what must be done to close them.

·         Continuously improve and innovate the ways we manage cyber security risk.

We understand that cyber security isn’t a point-in-time objective, but a journey which requires ongoing investment and focus. We’ve made the conscious decision to weave cyber security into our DNA, ensuring that our cyber risks are managed from the beginnings of our product lifecycle.

This document will explain how we build trust in Vitaport through our ongoing efforts to build and improve world-class security, assurance and privacy outcomes.

Security

Vitaport’s security model is based upon managing its vulnerabilities, monitoring for suspicious activity, and ensuring it remains safe and reliable in the event of a cyber attack.

Assurance

Vitaport’s assurance model is based upon defining best practice, analysing and fixing our gaps, and independently verifying that we are doing so effectively over time.

Privacy

Vitaport's privacy model commits to safeguarding the confidentiality, integrity, and availability of all information assets, ensuring compliance with all relevant privacy and data protection laws.