Our industry - leading flagship product
CargoWise centralizes logistics operations on a single global database, delivering business continuity, scalability, and security.
It provides a cloud-based, supply chain and logistics execution software solution. Our customers manage their involvement in logistics and the global supply chain in areas such as freight forwarding, customs, tracking, warehousing, cross-border compliance and transport by air, sea, rail and road through CargoWise.
Real-time data visibility in CargoWise helps our customers track the movement of goods, origin to destination, enabling the efficient execution of logistics processes.
We are building a global network of CargoWise Partners, Certified Practitioners, education institutions, and industry partners for freight forwarding, Our network of technology and logistics experts work within the logistics industry across our customers, associations and logistics businesses
WiseTech places information security at the forefront of its operations and culture, recognizing that safeguarding sensitive information is not only a legal and regulatory obligation but also a fundamental responsibility to our customers, employees and stakeholders.
We prioritize continuous education and training for our workforce, deploy state-of-the-art security technologies, conduct regular risk assessments, and maintain robust incident response protocols to ensure a resilient and proactive approach to addressing cyber threats and maintaining the trust of those we serve.
Our structured, proactive approach to managing information security risks applies a strong set of internal data protection controls.
These include access controls, encryption, network segregation, network traffic inspection and secure storage. This is overlaid by a program of continuous monitoring, collection and secure storage of audit and access logs, patching, threat protection and vulnerability detection processes.
Our architecture philosophy is founded upon the principles of defense-in-depth, proactive threat mitigation, continuous monitoring, and a risk-based approach to safeguarding data and systems. We prioritize the implementation of robust security controls, adherence to industry best practices, and a culture of security awareness to ensure the confidentiality, integrity, and availability of our organization's critical information assets.
We manage risks associated with cybersecurity threats via our Enterprise Risk Framework, in alignment with ISO31000 (Risk Management). Our Information Security Risk Management Framework guides the assessment of risks and associated controls by systematically identifying potential threats and vulnerabilities, evaluating their potential impact on our organization’s assets, and determining the appropriate risk response strategies.
Our information security management system is ISO27001 certified. We have successfully achieved SOC 1 and SOC 2 attestations, and align to the NIST Cybersecurity Framework, OWASP and ACSC Essential Eight, and to standards published by the Center for Internet Security (CIS). Our Information Security Policy provides direction for managing security risks associated with information, source code, cloud services and systems. Compliance with this Policy and all supporting material is mandatory for WiseTech Global employees, contractors and third parties who, during their work to support WiseTech, have access to WiseTech Global products, services, systems, corporate information, or customer information.
Our Information Security Committee (ISC) is in place to ensure continued management focus on the Information Security Management System (ISMS) and information security incidents. The ISC Charter defines the purpose of the Committee as to support the effective implementation, operation, and ongoing management of the ISMS through a continuous review and action process. Co-chaired by CEO Richard White and our Head of Information Services, ISC meetings review internal and external environments that may affect our business or our customers, and establish strategies and objectives to meet current and new risks. The Committee also regularly reviews industry trends, legislative and regulatory changes, and information security threat intelligence updates.
We conduct penetration testing using internal and external capability, and regularly run vulnerability testing. As part of our framework, we run operational testing, including phishing assessments and cybersecurity training which are integrated into our induction, annual training and compliance programs.
We regard our people as our first line of defense and have created security awareness training hosted on WiseTech Academy, which is mandatory for all staff to undertake annually. Our Information Services (IS) Team members must also complete detailed training on our ISMS.
WiseTech Global and its subsidiaries recognize the importance of privacy and data protection and comply with relevant laws and regulations, including the EU GDPR, to safeguard the security and privacy of all customer data.
WiseTech is headquartered in Australia and must comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles. WiseTech’s Privacy and Data Collection Notice sets out how we collect, manage, and disclose personal information.
However, as a global logistics software company that services 170+ countries throughout the world, we also need to keep up to date with legal and regulatory developments globally.
We believe that complying with the toughest law provides a seamless way in which the business can continually update compliance and measures to protect and secure data. Therefore, we take the approach of complying with the most robust law globally which is currently the GDPR, a European Union regulation with extra-territorial reach.
By ensuring a uniform approach to privacy and data protection, the technical teams at WiseTech Global will not need to rewrite code again and again to respond to changes across geographies or implement certain security features for some locations but not others.
In addition to a close collaboration between our technical teams and legal in ensuring design, build, and procedures are compliant with our Australian and international legal and regulatory obligations, our external Data Protection Officer supports WiseTech to comply with the requirements of the GDPR. Our people are also required to complete privacy and data protection training and more specific training in relation to the EU GDPR.
In terms of data privacy, we have adopted the most stringent standards across our business. We have established a robust vulnerability management program with ongoing, automated scanning to uncover security vulnerabilities or misconfigurations across our infrastructure. We combine this with regular manual penetration testing; with in-house capabilities and trusted external third parties performing regular tests. We have data processing terms with customers and data collection and privacy notice informing our customers and other stakeholders how we collect and process data. We also consider the ability of our potential suppliers to ensure privacy and data protection compliance prior to proceeding with any engagement. Our standard Data Processing Addendum with our customers is available on our website..
We are committed to conducting business in an ethical, lawful, and socially responsible manner and expect the same from our team members and suppliers.
We are committed to upholding and respecting human rights for all people as articulated in the UN Guiding Principles on Business and Human Rights, the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights, and the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work.
WiseTech’s Modern Slavery Statements may be found on the Australian Border Force Modern Slavery Statement Register. Our most recent Modern Slavery statement can be viewed on our website.
Modern slavery awareness training forms a part of WiseTech’s onboarding program for new employees, with refresher training required at least biennially.
Our cross-functional Modern Slavery Working Group determines additional activities to be undertaken to manage modern slavery risk in our business and supply chain.