An employer's responsibility protect employees personal details is a key concern in hiring third party providers.  GoVote understands the multiple priorities when running an important ballot - we combine practical, people-first processes with technical controls so you can trust votes are confidential, accurate and available when needed, without ever risking your employee's personal data.

GoVote ballots design security around people, process and technology so that every decision you make about your ballot is backed by documented controls, tested systems and no risk of exposure to overseas data security threats. Our ISO27001 Cyber Security qualification is audited every year to prove our high standards of transparency and integrity, offering our clients, and their employees reassurance and peace of mind.

We use straightforward, proven tools to protect access and traceability. The GoVote platform, Ballot Manager, is only accessible from within Australia. Two‑factor authentication is compulsory for all users and passwords are stored as hashed character strings with protections for failed attempts. Extensive logging is kept and synchronised to Network Time Protocol so every action is auditable. Where possible we use well‑maintained open source software — that transparency helps us and our clients verify behaviour and respond quickly to vulnerabilities.

Built and maintained entirely in-house, the GoVote systems are hardened across the stack. From physical infrastructure to the application layer, we follow a zero‑trust, least‑privilege approach: assume systems are exposed and verify every request. Patching is active (typically weekly), quarterly IT reviews check authentication and encryption settings, and we run annual penetration testing to validate our defences and prioritise fixes. Our Information Security Management System (ISMS) and risk logs are maintained and reviewed regularly so security decisions are traceable and continuously improving.

Access to the Ballot Manager is tightly scoped. Client users only see ballots relevant to their role; internal team access is limited on a need‑to‑know basis and backend access is physically and logically protected. Crucially, our Australian server in Melbourne is locked against access from any country outside Australia. Voters, on the other hand, are able to cast their vote from anywhere in the world. Our team sign confidentiality agreements, receive security awareness training at induction, and must follow the ‘need‑to‑know’ principle for sensitive voter or corporate data.

We back up data automatically to multiple encrypted locations, test backups monthly, and classify services by recovery needs so we meet realistic recovery time and point objectives. Redundancy is built into our architecture (Hyper‑V clustering, SSD RAID, cloud availability zones) and continuity plans are exercised and documented in our Cyber Incident Response Plan.

While GoVote has never experienced a significant data breach, we use our internal algorithms along with human eyes trained and ready to spot and report any unusual activity. Systems are in place for a rapid response should any threat be detected, for a coordinated response to lock down the system and preserve the integrity of the ballot. Quarterly reviews and signed‑off control settings give you ongoing assurance that ballots are run with detection, response and remediation in place.

GoVote combines people‑first processes, transparent open‑source practices and layered technical controls to keep ballots confidential, accurate and available — and we do it with the practical mindset of a small, agile team that listens and adapts. We build security into every layer of our systems, operate a local server locked to Australian‑only access, and back our work with documented ISMS processes, routine testing, encrypted backups and clear incident response procedures so you can trust the integrity of your enterprise ballots and board elections. We don’t treat security as a one‑off: we continuously review and improve our controls, learn from tests and audits, and evolve our systems to meet emerging threats. To give you further assurance, GoVote is audited every year to maintain ISO 27001 status, reflecting our commitment to independent verification and ongoing improvement in data security and systems management.

Once an Enterprise Agreement reaches an ‘in theory consensus’, it should be circulated to all of the employees who will be voting on it. The employer should provide a reasonable amount of time for employees to read the agreement. This should include providing employees with a copy of the agreement, as well as offering a reasonable amount of time for employees to ask questions or raise any concerns. Many companies also include a summary of changes document to help workers understand the implications of the changes. This stage should meet Fairwork Australia’s minimum of 7 days for an access period which begins after the final changes are confirmed, and 21 days after a formal NERR (Notice of Employee Representational Rights). If an employee group or union identifies a problem in the agreement and changes need to be made during the access period, the initial dates for the ballot may need to be changed. At GoVote we do not charge any fee for date changes, and these can be made quickly and efficiently, with updated documents available to download within minutes.

When the access period begins a ballot provider should be sought and hired. At GoVote we offer a proposal document that covers all of the options and provisions for running your Enterprise Agreement vote. It answers the questions that HR personnel often ask around security, secrecy, and deliverables. When our proposal is accepted, a form is sent to the Project Manger to fill, asking the correct wording of the Enterprise Agreement title, the ballot question and contact details for key roles of ‘Voter Roll Support’ and ‘IT Technical Support’. Scrutineers can also be nominated; these are usually union representatives or employee group leaders.

As soon as dates are confirmed GoVote will provide the Project Manager with a 2 page ‘How To Vote’ Notification Letter in pdf which can be attached to internal communications and also printed and posted on notice boards around the workplace. A comprehensive Ballot Management Plan is also developed, detailing all systems utilised, copies of communications, and key dates.

The ballot period begins at the conclusion of the access period. During the access period the Voter Roll should be confirmed and checked over for eligibility and for correct contact details. Special attention should be given to casual worker’s eligibility and to any employees who have resigned but may not have been removed from lists. GoVote provides a template for the Voter Roll that includes names, email address, mobile phone number (if using SMS communications alone or in combination with SMS voting) and group information. For more detail on using groups in your ballot read this article. It is important to ensure that all employees have access to the voting process, and that any issues that arise are dealt with promptly.

During the Ballot Period it is important to ensure that the vote is conducted in a safe and secure manner. This includes ensuring that all employees are able to cast their vote without fear of intimidation or coercion. It is also important to ensure that the vote is conducted in a way that is free of fraud or interference. GoVote offers this assurance with the use of a comprehensive database scouring process to ensure no duplicates or corrupted information is included on the Voter Roll, and by offering a third party communication to all workers in a fair and transparent manner. All voters are offered the support of our 1800 number which is monitored during business hours by the Returning Officer in charge of your ballot. Being a small, independent company, GoVote is able to provide all services here in Australia with no data ever leaving Australian shores. Find more information on our Privacy Policy.

Finally the ballot outcomes are audited and verified before reports are generated and delivered. GoVote provides a certified ‘Declaration of Results’ signed by your Returning Officer, ready to hand over to Fairwork Australia. A a comprehensive Audit Report details all interactions by any client-side user, voter or the Returning Officer during the ballot period. This includes details that can help prove that all voters successfully received communications as well as any changes that were made to the Voter Roll using our Ticketing system.

By following these steps, employers can ensure that their employees are able to make an informed decision and have their voices heard. This is an essential part of the process for reaching a fair and equitable enterprise agreement.

The most secure and fair way to arrange the voting process is to engage a professional third party to run a secret ballot. This ensures that all employees are offered a safe and anonymous opportunity for representation through a straightforward, easy to navigate voting process that offers online, SMS and telephone voting options.

At GoVote our reliable and secure system is the preferred choice for HR professionals because of its ease of set up, prompt customer service and comprehensive report deliverables.