Trust Center
How we earn access.
Cyber work touches the keys to the kingdom. We do not treat access as a formality. We verify authority, minimise data, define scope, and record the evidence chain before doing sensitive work.
ABN 59 870 881 596 · GST registered · Melbourne, Australia · Global remote delivery
WHO CAN AUTHORIZE
Authority first
We confirm the person requesting work can speak for the business before reconnaissance, testing, tenant access, or customer evidence handling begins.
Start qualified triage ->PASSIVE ONLY
Consent before recon
Passive public reconnaissance is optional, explicit, logged, and limited to publicly available information. Active testing needs separate Rules of Engagement.
Start qualified triage ->NO EXTRA KEYS
Least privilege access
Credentials, OAuth access, tenant invites, and production permissions are requested only after scope is signed and the access is tied to a named task.
Start qualified triage ->PROVE THE CONTROL
Evidence over theatre
We prefer screenshots, configs, logs, policies, and audit trails that can answer an insurer, auditor, board, or customer question.
Start qualified triage ->ASD + PRIVACY ACT
Australian base
Our local operating context includes ASD Essential Eight, Australian privacy expectations, ABN/GST operations, and AEST/AEDT business cadence.
Start qualified triage ->ISO + AI GOVERNANCE
Global frameworks
We support international assurance expectations including ISO27001, ISO42001, customer security questionnaires, vendor risk, and AI governance.
Start qualified triage ->Access Boundary
What we will not do casually
We will not ask for admin credentials during a sales call. We will not run active scans because someone typed a domain into a form. We will not accept vague permission to test systems. We will not produce assurance claims without evidence.