Our Commitment to Security
At SCATS, developed by Transport for NSW, security is at the core of everything we do. Whether we are building intelligent traffic management software or hosting solutions for our customers. We are trusted by critical infrastructure and public sector organisations in over 30 countries. We are dedicated to protecting your data, ensuring the reliability of our services, and maintaining your trust every day.
Our approach combines internationally recognised security standards, robust operational controls, and a culture of continuous improvement.
Our security practices are guided by:
ISO/IEC 27001:2022 certification
A secure software development lifecycle
Enterprise-wide security programs managed by Transport for NSW
These measures ensure compliance with global standards and meet the assurance requirements of SCATS customers.
Our Security Framework
- Dedicated security team managing an ISO-aligned Information Security Management System (ISMS)
- Regular audits, risk assessments, and executive oversight
- Security integrated into every stage of software development lifecycle
- Threat modeling, secure design and coding (OWASP ASVS), automated scanning (SAST, DAST), and CI/CD security gates
- Encryption for data at rest and in transit
- Role-based access controls, strong authentication, and privacy impact assessments
- Continuous scanning and risk-based remediation
- External penetration testing and internal audits
- Centralised SIEM for real-time monitoring
- Documented incident response plan with transparent customer communication
Vendor risk assessments and security controls for third-party integrations
Business Continuity/Disaster Recovery plans aligned with customer SLAs
Mandatory cybersecurity training for all staff and extensive security awareness campaigns.