Australian Cybersecurity Consultancy · Est. 2017

Cybersecurity Architecture
for Complex Organisations.

Helping organisations strengthen security, manage risk and make informed technology decisions through architecture, assurance and independent advisory services.

Book a Security Consultation Request an Architecture Review
NIST CSFISO 27001SABSAZero TrustASD Essential EightAPRA CPS 234SOCI ActAI Governance
HEXOSYS
Intelligent Security. Stronger Futures.
2017
Established in Australia
100%
Independent advisory
6+
Industry verticals
AU/NZ
Regional coverage
18+ Years Experience
Government & Enterprise
Architecture-Led Advisory
Independent Consultancy
Why Hexosys

Why organisations choose
HEXOSYS.

An independent Australian security consultancy since 2017 — senior practitioners pairing architecture-led thinking with vendor-neutral advice on every engagement.

18+
Years of ICT Practice

Advisory grounded in 18+ years of hands-on ICT practice across complex, high-stakes environments.

12+
Years in Security Architecture

Over a decade designing and assuring security architecture across advisory, assurance and technical design.

Enterprise & Regulated Depth

Trusted across critical infrastructure, financial services and regulated industries where assurance is non-negotiable.

Essential Eight Specialists

Pragmatic guidance that lifts organisations through Essential Eight maturity with measurable progress.

Framework-Aligned by Design

Programs mapped to ISM, PSPF and NIST so security and compliance reinforce one another.

Cloud & Hybrid Security

Architecture-led cloud security across Azure, AWS and hybrid estates — designed, not bolted on.

Independent by Principle

Vendor-neutral architecture and advisory aligned to your outcomes across the engagement lifecycle.

Risk-Informed Assurance

Assurance and compliance shaped by real-world risk, focused on the obligations that matter.

Secure-by-Design Consulting

Security expertise
across every discipline.

All services
Cybersecurity Architecture

A coherent security architecture that aligns protection to business strategy and risk appetite — giving leadership a defensible basis for technology decisions.

Learn more
Security Strategy & Roadmaps

Board-ready security strategy and a prioritised multi-year roadmap that sequences investment to reduce risk and meet regulatory obligations.

Learn more
AI Security & Governance

Governance and assurance that let the organisation adopt AI with confidence — managing risk while enabling business value.

Learn more
Secure-by-Design

Security built in from the outset, reducing rework, audit findings and exposure as new systems and services are delivered.

Learn more
Security Assessments

An evidence-based view of your security posture and maturity — clarifying where risk sits and where investment delivers the greatest uplift.

Learn more
Cloud Security

Confidence that cloud and hybrid environments are designed and governed securely — supporting resilient, compliant business operations.

Learn more
Tangible Outcomes

What clients receive.

Every engagement produces clear, board-ready deliverables — evidence-based artefacts that drive decisions and demonstrate measurable security improvement.

Security Architecture Reviews

Independent evaluation of current-state architecture against frameworks and best practice.

Threat & Risk Assessments

Structured identification and rating of security risks across people, process and technology.

Security Roadmaps

Multi-year, prioritised roadmaps that sequence investment and reduce risk progressively.

Cloud Security Assessments

Azure and AWS security posture reviews against cloud-native best practice and benchmarks.

Essential Eight Reviews

Maturity assessment against the ASD Essential Eight with prioritised uplift recommendations.

Security Design Reviews

Design-stage assurance that embeds security controls before build and deployment.

Executive Briefings

Board and executive-ready briefings that translate security risk into business language.

Governance & Assurance Reports

Objective assurance reporting on security governance, controls and programme effectiveness.

Compliance Gap Assessments

Gap analysis against regulatory obligations with clear, actionable remediation pathways.

Security Standards Mapping

Cross-mapping of controls across NIST, ISO 27001, Essential Eight and sector frameworks.

Our Methodology

How HEXOSYS delivers
security outcomes.

A structured, outcomes-focused journey — from understanding your context to continuous improvement of your security posture.

01
Understand

Business context, threat landscape and strategic priorities.

02
Assess

Evidence-based review of risks, gaps and security maturity.

03
Design

Security architecture and roadmap with measurable outcomes.

04
Implement

Advisory and assurance support driving secure delivery.

05
Improve

Continuous improvement that builds lasting security capability.

Why Hexosys

Independent.
Expert.
Outcomes-focused.

HEXOSYS is an independent Australian consultancy with no vendor affiliations and no product sales incentives. Our only obligation is to deliver the right security outcome for your organisation.

About Hexosys
  • 01
    Independent Advisory

    Guidance shaped solely by your risk, objectives and obligations — giving leadership confidence that advice serves the organisation, not a sales target.

  • 02
    Architecture-Led Decisions

    Security investments anchored to a coherent target architecture, so spend is prioritised, defensible and aligned to business strategy.

  • 03
    Security by Design

    Risk addressed at the design stage rather than after deployment, reducing rework, exposure and cost across the technology lifecycle.

  • 04
    Government & Enterprise Experience

    Practitioner experience across regulated and complex environments, translating sector obligations into clear, actionable direction.

  • 05
    Risk-Based Outcomes

    Effort focused where it reduces the most risk, giving boards measurable improvement and a clear line of sight to assurance.

  • 06
    Vendor-Agnostic Recommendations

    No product commissions or partner incentives — recommendations are objective, comparable and made in your interest alone.

Executive Advisory

Strategic security
leadership.

HEXOSYS supports CIOs, CISOs and technology executives with trusted, independent advisory — strengthening security posture and informing investment decisions at the leadership level.

We bring architecture depth and risk-informed judgement to the executive table, helping leaders prioritise with confidence and demonstrate assurance to boards and regulators.

Book a Security Consultation
Fractional Security Architecture
Cybersecurity Advisory
Executive Risk Workshops
Security Investment Prioritisation
Security Governance Reviews
Security Strategy Development
Architecture Assurance
Engagement Outcomes

What clients achieve.

Engagements are measured by the business outcomes they deliver — not the volume of activity.

Reduced cyber risk exposure

A clearer, lower risk profile with the most material threats addressed first.

Improved architecture maturity

Security architecture that advances measurably against recognised frameworks.

Stronger compliance posture

Clearer alignment to regulatory obligations and readiness for audit and assurance.

Clear technology decision-making

Confident, defensible decisions on security investment and technology direction.

Reduced audit findings

Fewer repeat findings as control gaps are closed and embedded into design.

Better executive visibility

Security risk expressed in business terms the board can understand and act on.

Industries We Serve

Sector expertise
for complex environments.

All industries
Government

Federal, state and local government security architecture, ISM compliance, PSPF alignment and whole-of-government security programs.

ISMPSPFEssential EightIRAP
Financial Services

APRA-aligned security programs, cyber resilience architecture and financial sector compliance for banks, insurers and wealth managers.

APRA CPS 234APRA CPS 230PCI-DSS
Critical Infrastructure

SOCI Act compliance, OT/ICS security architecture and critical infrastructure risk management programs.

SOCI ActOT SecurityIEC 62443
Healthcare

Clinical system security, health data protection and healthcare cyber resilience for public and private health organisations.

Privacy ActMy Health Record
Technology

SaaS security, DevSecOps, cloud-native architecture and software supply chain security for technology organisations.

DevSecOpsSOC 2OWASP
Education

Research institution security, student data protection and higher education cyber resilience programs.

Privacy ActResearch Security
Utilities

Energy, water and utilities security — OT/ICS protection, SOCI obligations and operational resilience for essential service providers.

SOCI ActOT SecurityIEC 62443
Enterprise Organisations

Large enterprise security architecture, governance and assurance across complex, distributed and multi-cloud environments.

ISO 27001Zero TrustCloud Security
Insights & Perspectives

Security thinking
from our experts.

All insights

AI Security

The CISO's Guide to AI Governance in the Enterprise

How security leaders can build governance frameworks enabling responsible AI adoption without compromising security posture.

June 2026

Read more

Architecture

Zero Trust Architecture: Beyond the Buzzword to Business Outcomes

Practical guidance for implementing Zero Trust across identity, device, network and application layers.

May 2026

Read more
ML3

Compliance

ASD Essential Eight: A Practical Path to Maturity Level 3

Step-by-step guidance for organisations working toward Essential Eight Maturity Level 3 compliance.

April 2026

Read more
Trust & Frameworks

Security frameworks
we align with.

Every engagement is grounded in recognised Australian and international security frameworks, standards and regulatory obligations.

Governance
ISO 27001ISO 31000NIST CSF
Government
ISMPSPFASD Essential Eight
Architecture
SABSASecure-by-DesignZero Trust
Operational
MITRE ATT&CKCIS ControlsOWASP
Regulatory
APRA CPS 234APRA CPS 230SOCI ActPrivacy Act 1988
Assurance & Cloud
SOC 2PCI-DSSIEC 62443Cloud Security AllianceAI Governance
Independence

Security decisions built on
evidence, not vendor agendas.

HEXOSYS provides independent security architecture, risk and assurance advice — without product sales, reseller margins or partner incentives shaping what we recommend.

That independence means our guidance is comparable, objective and defensible at board and audit level. You receive a clear view of risk and the options to address it, free of commercial bias.

How We Work
No product sales or reseller margins
No partner commissions or referral incentives
Recommendations based on evidence and risk
Advice that is comparable and defensible
Architecture and assurance, not implementation lock-in
Start a Conversation

Discuss your security challenges with an architect.

Speak with a HEXOSYS security architect about your organisation's specific challenges, objectives and priorities.

Book a Security Consultation Request an Architecture Review

Services & Capabilities

Every capability.
One trusted partner.

Integrated cybersecurity consulting across strategy, architecture, assessment and transformation.

Strategy

Security Strategy & Roadmaps

Executive-level security strategies aligned to business objectives and regulatory obligations, with multi-year roadmaps and investment prioritisation.

Strategy DevelopmentMulti-Year RoadmapsBoard ReportingSecurity Governance

Architecture

Cybersecurity Architecture

Enterprise security architecture using SABSA, Zero Trust and cloud-native security patterns. From reference architecture to detailed technical design.

SABSAZero Trust DesignNetwork SecurityIAM ArchitectureData Protection

AI Security

AI Security & Governance

AI risk frameworks, governance models and secure AI architecture to safely adopt artificial intelligence at enterprise scale with appropriate controls.

AI GovernanceAI Risk AssessmentsSecure AI ArchitectureAI Assurance

Cloud

Cloud Security Architecture

Confidence that cloud and hybrid environments are designed and governed securely — supporting resilient, compliant business operations.

Azure SecurityAWS SecurityCSPMContainer Security

Compliance

Security Compliance & Assurance

Navigate complex regulatory and compliance obligations with structured assurance programs across Australian and international standards.

ISO 27001NIST CSFEssential EightAPRA CPS 234SOCI Act

Transformation

Security Transformation

End-to-end security transformation programs including capability uplift, operating model design and ongoing advisory support for sustained improvement.

Program AdvisoryCapability UpliftSecurity Operating Model

Discuss your security priorities.

A senior HEXOSYS consultant will respond within one business day.

Arrange a Consultation
← hexosys.com.au

Industry Solutions

Security expertise
shaped by sector.

Every sector has unique threat vectors, regulatory obligations and risk profiles. HEXOSYS brings deep sector knowledge to every engagement.

Government

Federal, state and local government security architecture, ISM compliance, PSPF alignment and whole-of-government security transformation programs.

ISMPSPFEssential EightIRAPProtective Markings
Financial Services

APRA CPS 234 and CPS 230 compliance, banking security architecture, cyber resilience programs and financial sector regulatory compliance for banks, insurers and wealth managers.

APRA CPS 234APRA CPS 230PCI-DSSASD Essential Eight
Critical Infrastructure

SOCI Act compliance, critical infrastructure risk management programs (CIRMP), OT/ICS security architecture and sector-specific uplift across energy, water, transport and communications.

SOCI ActOT/ICS SecurityCIRMPIEC 62443
Healthcare

Clinical system security, health data protection, My Health Record compliance and healthcare cyber resilience for public and private health organisations.

Privacy ActMy Health RecordClinical Security
Technology

SaaS security, DevSecOps integration, cloud-native security architecture and software supply chain security for fast-growing technology organisations.

DevSecOpsSOC 2 Type IIOWASPSupply Chain Security
Education

Research institution security, student data protection, higher education cyber resilience and compliance programs.

Privacy ActResearch SecurityData Protection

Sector-specific security expertise.

Speak with a HEXOSYS consultant who understands your industry.

Engage Our Team
← hexosys.com.au

Cybersecurity Architecture

Security designed
from first principles.

Enterprise security architecture that aligns security design to business strategy, risk appetite and technology direction. Built to last, not to checkbox.

What We Deliver

Architecture capabilities

01
Architecture Reviews

Independent assessment of existing security architecture identifying gaps, risks and improvement opportunities against frameworks and best practice.

02
Security Design

Target state security architecture design aligned to business objectives, regulatory requirements and the organisation's risk appetite.

03
Security Patterns

Reusable security design patterns and reference architectures that embed security controls consistently across systems and platforms.

04
Reference Architectures

Enterprise security reference architectures providing a consistent blueprint for security design decisions across technology programs.

05
Enterprise Security Strategy

Board-level security strategies with clear priorities, investment rationale and measurable outcomes aligned to business direction.

06
Security Roadmaps

Multi-year security roadmaps that sequence investment, reduce risk progressively and build security capability in a structured, sustainable way.

Framework Expertise

Architecture standards we apply

  • SABSA
  • Zero Trust Architecture
  • TOGAF
  • NIST CSF
  • ISO 27001
  • CIS Controls
  • Cloud Security Alliance
  • ASD Essential Eight
  • MITRE ATT&CK
  • OWASP
  • Secure-by-Design

Start with architecture.

Engage Hexosys
← hexosys.com.au

AI Security & Governance

Adopt AI securely.
Govern it responsibly.

AI introduces new security and governance challenges. HEXOSYS helps organisations adopt AI safely with frameworks that scale from project to enterprise.

AI Security Capabilities

Comprehensive AI security
across the full lifecycle.

Strategy

AI Security Strategy

Comprehensive AI security strategy aligned to your adoption roadmap, risk appetite and regulatory obligations.

Governance

AI Governance Frameworks

AI governance structures, accountability frameworks, ethical AI principles and risk management for responsible deployment.

Risk

AI Risk Assessments

Structured assessment of AI-specific risks including model integrity, data poisoning, adversarial attacks and prompt injection.

Architecture

Secure AI Architecture

Security architecture for AI systems, ML pipelines, LLM deployments and AI-enabled applications. Secure-by-design from inception.

Compliance

AI Regulatory Compliance

Navigate emerging AI regulations including the EU AI Act, Australian AI Ethics Framework and sector-specific AI governance requirements.

Assurance

AI Assurance Reviews

Independent assurance reviews providing objective evidence of responsible AI deployment and governance.

Govern your AI risk.

Discuss AI Security
← hexosys.com.au

Security Assessments

Understand your
true security posture.

Independent, expert-led assessments that give you an honest, evidence-based view of your security maturity, risks and gaps without vendor bias.

Assessment Programs

Choose the right program
for your needs.

Security Health Check
Targeted · 1–2 Weeks

Rapid review of a specific security domain. Ideal for targeted assurance on a particular risk area.

  • Defined scope review
  • Gap analysis against framework
  • Risk-rated findings report
  • Remediation recommendations
  • Executive summary
Enquire
Recommended
Cyber Maturity Assessment
Comprehensive · 4–6 Weeks

Structured maturity assessment across people, process and technology, benchmarked against industry frameworks.

  • NIST CSF or Essential Eight assessment
  • Maturity scoring across all domains
  • Threat landscape analysis
  • 3-year security roadmap
  • Board-ready executive report
  • Investment prioritisation model
Get Started
Security Risk Assessment
Enterprise · 6–10 Weeks

Comprehensive ISO 31000-aligned risk assessment across your entire organisation and supply chain.

  • ISO 31000 methodology
  • Enterprise risk identification
  • Threat modelling workshops
  • Risk register development
  • Treatment plan and roadmap
  • Board risk reporting templates
Enquire

Request an assessment.

Request an Assessment
← hexosys.com.au

Insights & Perspectives

Security thinking
from our experts.

AI Security

The CISO's Guide to AI Governance in the Enterprise

How security leaders can build governance frameworks enabling responsible AI adoption.

June 2026

Architecture

Zero Trust Architecture: Beyond the Buzzword to Business Outcomes

Practical guidance for implementing Zero Trust across identity, device, network and application layers.

May 2026

ML3

Compliance

ASD Essential Eight: A Practical Path to Maturity Level 3

Step-by-step guidance for organisations working toward Essential Eight Maturity Level 3.

April 2026

Risk Management

Security Risk Management for Complex Organisations

Building a risk management framework that connects security risk to business risk.

March 2026

Cloud Security

Securing Enterprise Workloads in Azure and AWS

Architecture patterns and security controls for enterprise cloud environments.

February 2026

Secure-by-Design

Why Secure-by-Design Reduces Long-Term Security Cost

The economic case for embedding security at the design stage to reduce later remediation effort and cost.

January 2026

← hexosys.com.au

About Hexosys

Built on experience.
Focused on outcomes.

Our Story

Independent expertise
since 2017.

HEXOSYS was established in August 2017 by cybersecurity professionals with extensive experience across financial services, critical infrastructure, healthcare, enterprise technology and regulated industry environments.

Having worked inside some of Australia's most complex regulated organisations, we recognised a consistent need for independent cybersecurity expertise that prioritises business outcomes and practical improvements over vendor product cycles.

Today, HEXOSYS provides advisory, architecture and assurance services to complex organisations seeking trusted guidance across cybersecurity, AI security and secure-by-design initiatives throughout Australia and New Zealand.

Mission

To help complex organisations strengthen security, manage risk and enable business outcomes through practical cybersecurity leadership, architecture excellence and trusted advisory services.

Our Commitment

Independent advice.

Practical outcomes.

Architecture-led thinking.

Long-term value.

Credentials

Expert credentials across every discipline.

CISSP

Information Systems Security

SABSA SCF

Enterprise Security Architecture

Azure Security

Azure Security Engineering

CISM

Information Security Management

ISO 27001

Lead Auditor & Lead Implementer

CRISC

Risk and Information Systems Control

AWS Security

AWS Security Architecture

CISA

Information Systems Audit and Assurance

Work with us.

Contact Hexosys
← hexosys.com.au

Contact & Engage

Start a
Conversation.

Every HEXOSYS engagement begins with a confidential conversation. We respond within one business day.

Send an Enquiry
Privacy Policy.

We respond within one Australian business day. All enquiries are strictly confidential.

Our Engagement Process
01
Discovery

We review your objectives and current environment to understand context and priorities.

02
Consultation

Confidential discussion to understand risks, priorities and desired outcomes.

03
Recommendation

Strategic recommendations and a tailored engagement approach.

04
Delivery

Advisory, architecture, assessment and implementation services aligned to objectives.

Contact

admin@hexosys.com.au

Australia & New Zealand

hexosys.com.au

HEXOSYS Pty Ltd · ABN 54 619 222 776

Confidential

All enquiries are treated with strict confidentiality. We do not disclose client information or engagement details to third parties under any circumstances.

← hexosys.com.au

Legal

Privacy
Policy.

How HEXOSYS Pty Ltd (ABN 54 619 222 776) collects, uses, discloses and protects personal information across our operations in Australia and New Zealand.

Effective June 2026. This Privacy Policy applies to the HEXOSYS website (hexosys.com.au) and to enquiries and communications you have with us. We handle personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles, and, where applicable, the New Zealand Privacy Act 2020.

1 · Who We Are

HEXOSYS Pty Ltd (ABN 54 619 222 776) is an independent cybersecurity advisory, architecture and assurance consultancy serving organisations in Australia and New Zealand. References to “HEXOSYS”, “we”, “us” or “our” are to HEXOSYS Pty Ltd.

2 · Information We Collect

We collect personal information that you provide to us and information generated when you use our website:

  • Contact form enquiries — first and last name, organisation, role or title, email address, area of interest and the details of your enquiry.
  • Business enquiries and correspondence — contact details and any information you choose to share when engaging with us about our services.
  • Email communications — the content of emails you send us and associated metadata such as sender address and timestamps.
  • Technical information — limited technical and device information processed through essential cookies so the website functions correctly and remains secure. We do not currently use third-party analytics to identify, profile or track individual visitors.
3 · How We Use Your Information

We use personal information to: respond to your enquiries and provide our advisory, architecture and assurance services; communicate with you about engagements and business matters; operate, maintain and improve our website; protect the security and integrity of our website and systems; and comply with our legal and regulatory obligations.

4 · Consent and Legal Basis

Where you submit an enquiry through our contact form, you confirm your agreement to this Privacy Policy before your enquiry can be sent. We otherwise handle personal information on the basis of your consent and our legitimate business interests in operating and providing our services. You may withdraw consent at any time by contacting us, although this may affect our ability to respond to you.

5 · Disclosure of Information

We do not sell personal information. We may disclose information to trusted service providers who support our operations — such as website hosting and email providers — who are required to protect it and use it only for the services they provide to us. We may also disclose information where required or authorised by law. We never disclose client engagement details or confidential project information to third parties.

6 · Cookies and Analytics

Our website currently uses only essential technical cookies that are necessary for the site to function and remain secure. We do not currently use third-party analytics or tracking technologies to identify, profile or track individual visitors. You can control or disable cookies through your browser settings, though some site features may not function as intended if cookies are disabled. If we introduce analytics in future, we will update this policy and obtain consent where required.

7 · Storage, Security and Overseas Handling

We take reasonable technical and organisational measures to protect personal information against loss, misuse and unauthorised access, disclosure or alteration. Information may be stored or processed in Australia or, through our service providers, overseas; where information is handled outside Australia or New Zealand we take reasonable steps to ensure it is protected to a comparable standard.

8 · Data Retention

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to maintain our business records, and to meet legal or regulatory requirements, after which it is deleted or de-identified.

9 · Your Rights

You may request access to, or correction of, the personal information we hold about you, and you may ask us to delete information where appropriate. In Australia these rights arise under the Australian Privacy Principles; in New Zealand under the Information Privacy Principles of the Privacy Act 2020. To make a request, contact us using the details below.

10 · Changes to This Policy

We may update this Privacy Policy from time to time. The current version is published on this page with its effective date, and continued use of our website indicates acceptance of the updated policy.

11 · Contact and Complaints

For privacy questions, requests or complaints, contact us at admin@hexosys.com.au. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) in Australia, or the Office of the Privacy Commissioner (OPC) in New Zealand.

← hexosys.com.au

Legal

Terms of
Use.

The terms governing your use of the HEXOSYS website (hexosys.com.au), operated by HEXOSYS Pty Ltd (ABN 54 619 222 776).

Effective June 2026. By accessing or using this website you agree to these Terms of Use. If you do not agree, please do not use the site.

1 · Use of the Website

You may use this website for lawful, informational purposes only. You must not use it in any way that is unlawful, infringes the rights of others, or interferes with the operation or security of the site.

2 · Information Only

Content on this website is provided for general information about HEXOSYS and our services. It does not constitute professional, security or legal advice, and should not be relied upon as such. Engagements are governed by separate written agreements.

3 · Intellectual Property

All content, branding, text and design on this website are owned by or licensed to HEXOSYS Pty Ltd and are protected by applicable laws. You may not reproduce or redistribute material without our permission.

4 · No Warranties and Limitation of Liability

The website is provided on an “as is” basis. To the extent permitted by law, HEXOSYS makes no warranties about its accuracy or availability and is not liable for any loss arising from your use of, or reliance on, the website.

5 · External Links

This website may link to third-party sites. We are not responsible for the content or practices of those sites and provide such links for convenience only.

6 · Governing Law

These Terms are governed by the laws of New South Wales, Australia. Privacy matters are addressed in our Privacy Policy.

7 · Changes to These Terms

We may update these Terms of Use from time to time. The current version is published on this page with its effective date, and continued use of our website indicates acceptance of the updated Terms.

8 · Contact

Questions about these Terms can be sent to admin@hexosys.com.au.

← hexosys.com.au

Trust

Security
& Disclosure.

Our security commitment, responsible disclosure process, and how HEXOSYS Pty Ltd (ABN 54 619 222 776) protects the information entrusted to us.

As an independent cybersecurity consultancy, HEXOSYS holds its own systems, website and communications to the standards we advise our clients to adopt. This page sets out our security commitment, how to report a concern responsibly, and how we handle the information entrusted to us.

1 · Security Commitment

We apply security-by-design and least-privilege principles across our website, email and internal tooling, and we treat the confidentiality, integrity and availability of information entrusted to us as a core professional obligation. Our security posture is reviewed on an ongoing basis and improved as threats and good practice evolve.

2 · Responsible Disclosure

We welcome reports from security researchers and members of the public who identify potential weaknesses in our website or communications. Please give us a reasonable opportunity to investigate and remediate before any public disclosure, act in good faith, and avoid accessing, modifying or deleting data that is not your own. We will not pursue action against researchers who report issues responsibly and in line with this policy.

3 · Vulnerability Reporting

To report a suspected vulnerability, email admin@hexosys.com.au with enough detail for us to reproduce and assess the issue — the affected URL or component, the steps to reproduce, and any supporting evidence. Please avoid automated scanning or testing that could disrupt our services or those of our clients. We aim to acknowledge legitimate reports promptly and will keep you informed through validation and remediation.

4 · Data Protection Principles

We collect only the information we need, use it solely for the purpose for which it was provided, and retain it no longer than necessary. Access is limited to those who require it, information in transit is protected using current encryption standards, and we align our handling of personal information with the Australian Privacy Act 1988 and the Australian Privacy Principles, and the New Zealand Privacy Act 2020. Further detail is set out in our Privacy Policy.

5 · Information Handling

Enquiries and business correspondence are handled through managed, access-controlled business systems. We classify information according to its sensitivity, apply appropriate safeguards to client and commercial material, and dispose of information securely when it is no longer required. Client engagement material is governed by the confidentiality and security arrangements agreed for each engagement.

6 · Third-Party Services

Our website and communications rely on a small number of reputable third-party providers, such as hosting, email and content delivery. We select providers with appropriate security and privacy practices, share only the data necessary for each service, and review these arrangements periodically. Where a provider processes personal information on our behalf, that processing is covered by our Privacy Policy.

7 · Contact Security Team

For security matters — vulnerability reports, disclosure questions, or concerns about how information is handled — contact us at admin@hexosys.com.au. For general enquiries, please use our contact form. HEXOSYS Pty Ltd (ABN 54 619 222 776) operates across Australia and New Zealand.

← hexosys.com.au