We work with sensitive industrial data every day. Our security posture is built from the ground up — not bolted on as an afterthought.
Every decision we make about data handling starts with these non-negotiable principles.
Client data is stored within agreed jurisdictions and never leaves the client's control without explicit authorisation. You choose where your data lives — we enforce it.
Our practices are informed by IEC 62443 (Industrial Automation & Control Systems Security), ISO 27001 (Information Security Management) and the Australian Government's Essential Eight framework.
All data transfers, access events and processing activities are logged and traceable. If you need to audit it, we can show it.
We do not seek to own client data or any IP attached to it. Data is stored and used only for the duration of our engagement. After completion, it is deleted from our systems — unlike many traditional consultants.
Data is transferred via encrypted channels with access controls at every stage. From ingestion through to delivery, your data is protected in transit and at rest.
Role-based access ensures only authorised personnel can interact with your data. Every access event is logged, time-stamped and attributable to an individual.
The old way
Often retain copies of client data indefinitely. IP ownership is murky. Data may be stored on shared infrastructure with weak access controls. You rarely get transparency into who accessed what.
The GILT standard
Your data is used for the agreed engagement only. Full deletion post-engagement. Auditable access logs. Jurisdiction-controlled storage. We don't keep your data because we don't need to — and we don't want to.