What we do.
The Komatsu Australia Information Security team's services, grouped by capability. Most are provided continuously to the business; some are project-based and engaged on demand.
Operations
Security monitoring (SOC)
24/7 monitoring of Komatsu Australia's endpoint, network, and cloud telemetry. Alerts are triaged by the Sydney-based SOC team.
Incident response
Investigation, containment, eradication, and recovery for confirmed incidents. Coordinated with IT, legal, and communications as required.
Threat intelligence
Monitoring of the threat landscape relevant to Komatsu and the mining/construction sector. Briefings to IT leadership and the Risk Committee.
Identity & access
Multi-factor authentication
Universal MFA across Komatsu accounts using Microsoft Authenticator. Setup is mandatory for all employees and contractors.
Conditional access policies
Risk-based access controls applied to Komatsu cloud applications. Reviewed and updated quarterly with IT and business owners.
Privileged identity management
Just-in-time elevation, approval workflows, and audit trails for administrative access to Komatsu systems.
Vulnerability & risk
Vulnerability scanning
Continuous external and authenticated internal scanning. Findings are prioritised by exposure and risk and tracked to closure with IT.
Penetration testing
Annual external and internal penetration tests against the Komatsu Australia environment, plus targeted tests for significant new systems.
Third-party risk
Security review and ongoing assurance for vendors handling Komatsu information, including cloud service providers and managed services.
People & awareness
Annual security awareness training
Mandatory training for all employees, refreshed annually with role-based modules for finance, executives, and IT.
Phishing simulation program
Quarterly simulated phishing campaigns. Results inform additional targeted training; individuals are never named publicly.
New starter induction
A security briefing module included in new starter onboarding, plus a refresher for staff returning after extended leave.
Governance
Information security policies
Komatsu Australia's information security policy set, published internally and reviewed annually with input from IT, Legal, and the business.
Risk & advisory
Security input on new projects, vendor engagements, and major change initiatives. Engage us early to keep work on schedule.
Reporting
Quarterly operating metrics to the Komatsu Australia leadership team and annual reporting to the Risk Committee.
Need to raise something with the Information Security team?
For suspected incidents, use the incident reporting form. For policy questions, advisory work, or anything else, email the team directly.