Menu

How to Access Mine Survey Data Securely

How to access mine survey data securely: role-based access, encryption, GDA2020 control integrity, audit trails and statutory record-keeping for Australian mines.

12 min read

TL;DR

To access mine survey data securely you need three things working together: controlled identity (who can open what), a protected pipeline from the instrument to the database (encryption in transit and at rest), and a verifiable chain of custody so every coordinate can be traced back to the control it was derived from. This guide covers how to set up role-based access, how to keep your GDA2020/MGA2020 control and point cloud archives tamper-evident, and the statutory record-keeping obligations that mean mine survey data is not just commercially sensitive — it is legally protected.

Key takeaways

  • Mine survey records are statutory documents in every Australian jurisdiction. Under WA, QLD and NSW mine safety legislation an authorised mine surveyor must certify the plans, and the operator must retain and protect them — access control is a compliance obligation, not just IT hygiene.
  • Use role-based access control (RBAC) tied to your identity provider, not shared logins. A driller setting out a blast pattern needs the current pit design; they do not need write access to the primary GDA2020 control network.
  • Protect data both in transit and at rest. TLS 1.2+ for transfers, AES-256 for stored point clouds and DTMs, and never email a raw LandXML or .las file as an unencrypted attachment.
  • Keep the control network and survey archive tamper-evident. Checksums, version control and a write-once audit log let you prove a coordinate has not been altered since it was certified — critical in any reconciliation or boundary dispute.
  • Treat the field-to-office link as the weakest point. Trimble, Leica and DJI gear sync to cloud platforms; secure those accounts with MFA and confirm where the data is physically hosted before it leaves site.

Why secure access to mine survey data matters

Mine survey data is the spatial single source of truth for the whole operation. The same coordinates underpin drill-and-blast setout, pit design conformance, void and workings plans, tailings dam crest monitoring, stockpile reconciliation worth millions per cycle, and the statutory surface relationship plans a mine is legally required to maintain. If that data is wrong, lost, or quietly altered, the consequences are not an IT inconvenience — they are safety, financial and legal.

Australia runs more than 230 operating mines and earned roughly AUD $385 billion in resources and energy exports in FY2024–25. The records behind those operations sit in LandXML files, .las point clouds, DTM surfaces, total station job files and cloud survey platforms. Each of those formats is trivial to copy, and most are trivial to edit if you can open them. A stockpile DTM altered by a few hundred millimetres of surface can shift a reconciled tonnage by a figure that finance will notice. A pit design issued to the wrong revision can put a bench in the wrong place.

There is also a hard legal layer. Statutory mine surveying — workings, voids, surface relationship plans, and the records kept under mine safety legislation — must be certified by an authorised mine surveyor (the title differs by state, but the obligation is consistent across WA, QLD and NSW). The operator is then required to retain and safeguard those records. "Accessing it securely" therefore means two things at once: keeping the wrong people out, and being able to prove to a regulator that the right data has not been tampered with.

Step 1: Classify your survey data before you protect it

You cannot secure what you have not catalogued. Before configuring any access rules, sort your spatial data into tiers, because not all of it warrants the same controls.

  • Tier 1 — Statutory and control. The primary survey control network, certified workings and void plans, surface relationship plans, lease boundary survey. This is the data that, if corrupted, breaks legal compliance. It should be effectively read-only for almost everyone.
  • Tier 2 — Engineering and operational. Pit design surfaces, conveyor and structural as-built scans, haul road DTMs, deformation monitoring datasets. Sensitive and revision-critical, but actively used by engineering.
  • Tier 3 — Working and derived. Daily stockpile flights, progress orthomosaics, draft point clouds awaiting registration. High volume, lower individual sensitivity, but still confidential commercial data.

Tip: Tag every dataset with its datum, projection and zone (GDA2020 / MGA2020 zone 50, AHD heights, or your local mine grid) at the point of classification. Mixing frames is one of the most common ways "secure" data still produces wrong answers — a GDA94 file opened as GDA2020 is silently out by roughly 1.5–1.8 m.

Step 2: Set up role-based access control

Shared logins are the single most common failure point in mine survey data security. The moment three people use one "survey" account, your audit trail is worthless and your offboarding is impossible. Replace shared access with role-based access control (RBAC) tied to your corporate identity provider so that access follows the person, not a password on a sticky note.

Map roles to the data tiers from Step 1:

  • Authorised mine surveyor — full read/write to all tiers, sole certify/sign-off rights on Tier 1.
  • Survey technician — read/write to Tier 2 and 3, read-only on the certified Tier 1 control.
  • Mining and geotech engineers — read on Tier 1 and 2, write to their own working folders only.
  • Operators (drill, dozer, GPS machine control) — receive only the current issued design surface, pushed to the machine, with no access to the source archive.
  • Finance and external auditors — read-only access to specific reconciliation deliverables, ideally time-limited.

Tip: Apply least privilege ruthlessly. The question is never "could this person reasonably want this data?" but "does their task require write access to it?" A blast setout does not require the ability to overwrite the primary control network.

Step 3: Encrypt data in transit and at rest

Mine survey data spends its life moving — from a Leica or Trimble total station to a field controller, from a DJI platform to a cloud processing service, from the office to a contractor's engineer. Every one of those hops is an opportunity for interception or accidental exposure.

  • In transit: require TLS 1.2 or higher for all transfers. Use SFTP or an enterprise file-sharing platform for large point clouds — never an unencrypted FTP server, and never a raw .las or LandXML as an email attachment, which most mail systems store unencrypted on multiple servers.
  • At rest: encrypt stored data with AES-256, whether that is on a site server, a NAS in the survey office, or a cloud bucket. Confirm that backups are encrypted too — an unprotected backup is just your secure data with the lock removed.
  • On portable media: if you must hand-carry data on a USB drive between a remote Pilbara or Goldfields site and a regional office, use hardware-encrypted drives, not consumer sticks.

Tip: When using vendor cloud platforms (Trimble Connect, Leica or DJI cloud services), confirm where the data is physically hosted. Australian-hosted regions keep your data under Australian jurisdiction and simplify any data-sovereignty obligations your client contracts impose.

Step 4: Protect the field-to-office pipeline

The weakest link in most operations is not the database — it is the gap between the instrument on site and the archive in the office. A surveyor on a FIFO swing syncing scans over site Wi-Fi, a contractor uploading a drone flight to a personal cloud account, a controller left logged in on the crib room table: these are where data actually leaks.

Harden the pipeline:

  • Enforce multi-factor authentication (MFA) on every cloud survey account and field-data platform. A password alone protecting a season of pit survey data is not adequate.
  • Use managed devices for field controllers and tablets where possible, so they can be remotely wiped if lost on a remote site.
  • Define a single ingest path — field data lands in one monitored location and is registered, checked and moved into the tiered archive from there. Ad-hoc copies scattered across laptops are how revisions get confused and data goes missing.
  • For UAV work, confirm the contractor holds a current CASA Part 101 ReOC and that their data-handling is contractually defined — their pilots' licences mean nothing if the imagery ends up on an unsecured personal drive.

Tip: Set instruments and controllers to auto-sync over secured connections rather than relying on manual end-of-shift uploads. Manual transfer is where files are forgotten, duplicated and emailed in the clear.

Step 5: Maintain integrity and an audit trail

Secure access is not only about confidentiality — it is about being able to prove the data is unchanged. For statutory mine plans and reconciliation data, integrity is the point. You need to demonstrate that a certified coordinate is the same one the authorised mine surveyor signed.

  • Version control every survey deliverable. The current pit design must be unambiguous, and every superseded revision must be retained, not overwritten.
  • Checksums (hashing) on archived files let you detect any change, accidental or deliberate. A stored hash that no longer matches the file is an immediate red flag.
  • Write-once audit logging — record who accessed, modified or exported each dataset, in a log that users cannot edit. This is what turns "we think the data is fine" into "we can prove the data is fine".
  • Tie everything to control. Every derived surface, scan or DTM should trace back to the certified GDA2020/MGA2020 control network and AHD heights it was registered against, with closure and registration residuals recorded.

Tip: Keep at least one immutable, offline or write-once copy of your Tier 1 statutory records. Ransomware that encrypts your live server is survivable if your certified mine plans exist in a form that cannot be reached or rewritten from the network.

Equipment, platforms and where the data lives

Knowing where mine survey data physically resides is half of securing it. The data originates from a small set of professional instruments and flows into a small set of platforms.

Source Typical output Where it needs protecting
Leica / Trimble total stations and GNSS Job files, control coordinates, setout data Field controller, then secured ingest path to the tiered archive
FARO / Leica terrestrial laser scanners .las / .e57 point clouds, registered scans Large files — encrypted storage and SFTP transfer, not email
DJI UAV platforms Imagery, orthomosaics, photogrammetric point clouds Cloud processing accounts with MFA; confirm hosting region
Office processing LandXML, DTM/DEM surfaces, scan-to-CAD, BIM models Versioned, checksummed, RBAC-controlled project store

Note: The site is responsible for defining who may access its data and under what terms. A competent survey provider works to those rules — delivering in your declared datum and grid, handling data within an agreed secure pipeline, and providing audit-ready records. Confirm data-handling responsibilities in writing before any survey mobilises.

Cost and effort considerations

Securing mine survey data is far cheaper than recovering from a breach, a corrupted reconciliation, or a regulator finding that statutory records were not adequately protected. The effort is mostly process and configuration rather than capital.

Control Impact How to manage
RBAC via identity provider Eliminates shared-login risk and fixes offboarding Use existing corporate SSO; map roles to data tiers once
Encryption in transit and at rest Closes interception and theft exposure TLS 1.2+ and AES-256 are standard on most platforms — enable, don't build
MFA on field/cloud accounts Stops the most common account compromise Free or near-free; the friction is cultural, not technical
Immutable Tier 1 archive Protects statutory records from ransomware and tampering Write-once or offline copy; modest storage cost
Audit logging Provides proof of integrity and access Most enterprise platforms log natively — confirm it is enabled and retained

The honest framing: the technical controls are largely included in tools you already pay for. The real cost is the discipline to classify data, kill shared logins, and define a single ingest path — and that cost is trivial against a single mis-reconciled stockpile cycle or a compliance failure on a statutory plan.

Common mistakes to avoid

Shared survey logins. The fastest way to destroy your audit trail and make offboarding impossible. One account, three users, zero accountability. Move to per-person access tied to your identity provider.

Emailing raw survey files. A LandXML, .las or DTM sent as an unencrypted attachment is copied across multiple mail servers in the clear and lives forever in inboxes you do not control. Use a secured transfer platform with access controls instead.

Confusing access with integrity. Locking the door keeps people out, but it does not prove the data inside is unaltered. Without checksums, versioning and a write-once log, you cannot demonstrate a certified coordinate has not changed.

Ignoring the datum in the security model. Securely delivering a file in the wrong reference frame is still delivering wrong data. Tag and verify GDA2020/MGA2020 and AHD on every dataset as part of handling it.

⚠️ Watch out: The most damaging failure is silent alteration of a statutory or reconciliation dataset by someone with unnecessary write access. It passes every "secure access" test — the person was authorised to log in — yet the data is wrong and you cannot prove when it changed. Least-privilege RBAC plus a tamper-evident archive is what prevents it.

Frequently asked questions

Is mine survey data legally protected in Australia?

Yes. Statutory mine survey records — workings, voids, surface relationship plans and the plans kept under mine safety legislation — must be certified by an authorised mine surveyor and retained by the operator under WA, QLD, NSW and other state mining safety regimes. Protecting access and integrity is part of meeting those record-keeping obligations, not an optional extra.

Who should be able to edit the primary survey control network?

As few people as possible — realistically only the authorised mine surveyor and nominated senior survey staff. The GDA2020/MGA2020 control network and AHD datum are the foundation every other measurement is derived from. Everyone else, including engineers and operators, should have read-only access to certified control.

How should I transfer large point cloud files securely?

Use SFTP or an enterprise file-sharing platform with access controls and TLS 1.2+ encryption. A registered .las or .e57 scan can run to many gigabytes, so email is unsuitable in any case — and unencrypted email exposes the data regardless of size. Hardware-encrypted drives are acceptable for hand-carrying data from remote sites.

Does cloud survey software meet mine data security requirements?

It can, provided you enable multi-factor authentication, confirm the hosting region (Australian-hosted keeps the data under Australian jurisdiction), and verify the platform's encryption and audit-logging. Check these against any data-sovereignty clauses in your client or joint-venture agreements before relying on a cloud platform for statutory data.

How do I prove my survey data has not been tampered with?

Combine version control, file checksums (hashing) and a write-once audit log. A retained hash that still matches the file proves it is unchanged; the audit log shows who accessed or exported it and when. For statutory records, keep an immutable offline or write-once copy as the definitive reference.

Request a quote

Accessing mine survey data securely comes down to controlling who can open it, protecting it as it moves and rests, and proving it has not changed since it was certified. Get role-based access, encryption and a tamper-evident archive in place and your spatial data becomes a defensible asset — for reconciliation, for engineering, and for the regulator.

Industrial Spatial Solutions delivers dimensional control, drone and laser scanning surveys across Australia's mining regions to the datums, tolerances and standards your operation requires — and we handle your data within a defined, secure pipeline from instrument to deliverable. To scope your next survey or talk through how your survey data should be managed and protected, call us on 0407 057 015 and speak with a specialist.