The following controls are implemented as standard across all engagements:
| Control | Implementation |
|---|---|
| Encryption at rest | AES-256 via platform-native services (e.g. Azure Storage Service Encryption, Azure Disk Encryption) |
| Encryption in transit | TLS 1.2 minimum enforced across all data transfers and API communications |
| Backup & recovery | Automated backup schedules with geo-redundant storage options within Australian regions; recovery point and time objectives defined per engagement |
| Data retention | Retention policies configured to meet your regulatory requirements; data securely deleted on engagement completion or as directed |
| Data classification | Classification framework applied at project inception so sensitive, confidential and public information are each handled appropriately |
| Key management | Platform-managed or customer-managed keys via Azure Key Vault or equivalent, depending on your requirements |
Every one of these is configured to your requirements rather than a one-size-fits-all default — data residency and classification are documented and validated during project inception.