FACTS Online Pty Ltd has created this Security Policy in order to demonstrate our firm commitment to security. The following discloses our security and accessibility policies.

FACTS Online Pty Ltd understands that the security of your personal information is important to you. Whenever you submit personally identifiable information you will be doing so through secure servers.

The factsonline.com.au service only allows secure browsers access to the system. The browser's "secure mode" is in place only when you are logged in to the system. You will be able to tell that you are in a secure mode when your browser displays a special icon on the lower bar of your browser window.

Every secure page (i.e. every part of the user interface) on factsonline.com.au has been secured with a digital certificate by Comodo Class 3 Security Services CA. This is shown via the "site certificate" which is resident on all secure pages. To view this certificate, click on the image of the closed lock on the bottom bar of your browser window. A small frame displaying site security information will appear. This allows you to verify the site certification authority and that you are in fact on factsonline.com.au.

Only the registered user of factsonline.com.au can see the factsonline.com.au application and access its contents. Each user selects his/her own password for factsonline.com.au. The users' passwords are stored in a one-way encrypted format and are not accessible to employees of FACTS Online Pty Ltd.

If you have forgotten your password, or your password is not working for some reason, you can retrieve your password with the system as follows:

1. Go to http://www.factsonline.com.au , click Forgot your password?
2. Enter your registered e-mail address in the form and click "Submit email".
3. Follow the instructions in the e-mail message that is sent to you (after step A password system has been established to ensure that only you can access your personal information. The acceptable minimum password length is 6 characters. We recommend that you use a random combination of letters, numbers, and cases to provide added protection (for instance: 'Hfg358mz' would be a good password).

   Each time you login to the system you will be required to authenticate your identity by entering your previously supplied e-mail address and password. Upon successful login, you are issued a unique "session id" (does not include any personally identifiable information) which allows you to remain active as long as actions are performed in the system at least once every 20 minutes, after which any further actions require you to re-enter your e-mail address and password. If an incorrect password is supplied, or if you simply forget your password, you may need to re-establish your identity following the instructions above.

We use encryption technology to ensure the safe transmission of your information when logged into the system. Your browser provides security by allowing us to use Secure Socket Layer (SSL) encryption up to 128-bit key length encryption when transmitting information and documents. The number of bits of secret key length varies between 40 and 128 depending on your browser's capability. The highest available bit length is always used. All application communication between your computer and factsonline.com.au is encrypted using SSL.

FACTS Online is authenticated and certified by COMODO Certification Authority

FACTS Online Pty Ltd takes many measures to protect client information while it is stored, including:

• Utilizing a firewall to protect our server and stored information. A firewall is a barrier to unauthorized users to prevent access to our systems.
• Monitoring system and application activity logs to identify any unusual activity, from authorized and/or unauthorized individuals accessing our systems and/or making changes to stored information, for investigation.
• Housing the server in a highly secure building to provide additional protection against unauthorized access and changes to stored information.
• The system administration at FACTS Online Pty Ltd.com has no functions allowing access to a client's financial model. It is thus impossible for employees at FACTS online Pty Ltd to access clients' information. FACTS Online Pty Ltd has also taken special steps to ensure that only a few key people are aware of how the security system is designed and implemented.
• All employees at FACTS Online Pty Ltd are bound by a confidentiality and non-disclosure agreement prohibiting access to and dissemination of information handled by the company's clients when using the FACTS Online Pty Ltd Web service.
  

The FACTS Online Pty Ltd server consists of a range of redundant hardware components including:

• Large bandwidth redundant Internet connections to one of the main Internet connection points and redundant routers with fail-over configuration.
• Redundant firewalls with filters and fail-over configuration.
• Application and Web servers in the form of several load-balanced multi-processor servers.
• Redundant database cluster configuration.
• Database server mirrored in a fail-over server, which will take over if the main server is interrupted.
• LAN with redundant network switches and fail-over configuration.
• Highly secure computer facilities with cooling systems, UPS, backup systems and fire protection.

FACTS Online Pty Ltd reserves the right to modify or amend this Security Policy at any time and for any reason. Users will be notified about changes in the Security Policy via our web site news section.