Terms of Service

Note: These Terms of Service set out the standard commercial terms on which TRUSTYCYBER provides professional services such as internal audits, readiness assessments and advisory work. They apply together with the specific quote, proposal or engagement document agreed for your engagement. Where a quote or proposal states a different term, that document prevails for that engagement. Use of the TRUSTYCYBER website is separately governed by the Website Terms of Use.

1. About these terms

These terms are between you or the organisation you represent (the client) and Andrew Robinson trading as TRUSTYCYBER (TRUSTYCYBER, we, us).

• Provider: Andrew Robinson trading as TRUSTYCYBER, a sole trader
• ABN: 79 805 301 840
• Contact: [email protected] · [email protected]

By accepting a quote or proposal, or by instructing us to begin work, the client agrees to these terms. If you accept on behalf of an organisation, you warrant that you are authorised to bind it.

2. How these terms apply

The agreement for an engagement is made up of the accepted quote or proposal (including its scope, fee and any specific conditions) and these Terms of Service. If there is any inconsistency, the order of precedence is: first, a signed engagement agreement; second, the accepted quote or proposal; third, these Terms of Service. These terms do not, by themselves, oblige TRUSTYCYBER to accept any engagement.

3. Scope of services

We will provide the services described in the accepted quote or proposal (the services). Anything not expressly included is out of scope. The scope is based on the information available when the quote is prepared. If the engagement is materially different from what was described to us, or additional work is required, we will agree a variation to scope, fee and timing before continuing.

4. Additional services and variations

The client may request additional services in writing. We may accept or decline a request at our discretion, and accepted additional services may attract additional fees, which we will notify before starting them. Any variation to the scope, fees or timing of an engagement must be agreed in writing before we continue the affected work. We may also undertake other work for other clients during an engagement, provided it does not conflict with our obligations to the client.

5. Fees, GST and currency

Fees are as stated in the quote or proposal. Unless stated otherwise, fees are quoted in Australian dollars and are exclusive of GST and of any card or payment-processing fees; where GST applies it will be added and shown on the tax invoice. Fixed-fee quotes assume the scope, assumptions and timeframe described in the quote.

6. Deposit and payment

Unless the quote states otherwise, a deposit of 50% of the engagement fee is payable on acceptance of the quote, and work does not commence until the deposit is received. The remaining balance is payable on completion of the engagement, being delivery of the audit report or other agreed deliverable. We may instead agree staged or milestone payments in the quote, in which case those terms apply.

Invoices are payable within 14 days of the invoice date unless stated otherwise. Payments may be made by the methods shown on the invoice or quote, which may include Stripe or electronic funds transfer. Card payments are processed by Stripe under its own terms; card details are provided to Stripe rather than stored by TRUSTYCYBER.

7. Expenses and disbursements

Fees do not include out-of-pocket expenses or disbursements unless the quote says so. Reasonable expenses necessarily incurred for the engagement — including travel, transport, accommodation and third-party charges — are billed in addition, at cost. We will obtain the client's prior written approval before incurring material expenses, and the client is not liable for expenses that were not approved in advance. We will provide receipts and reasonable supporting documents for expenses claimed. Where on-site attendance requires significant travel time, any charge for travel time will be stated in the quote.

8. Late payment and suspension

If an undisputed invoice is overdue, we may suspend work and withhold delivery of reports or other deliverables until payment is received, charge interest on the overdue amount at a reasonable rate, and recover reasonable costs of recovering the overdue amount (including legal costs). We will give the client notice before suspending work for non-payment. Title to, and any licence to use, a deliverable does not pass until the related fees are paid in full.

9. Cancellation, rescheduling and refunds

Either party may cancel an engagement on written notice. If the client cancels after work has commenced, the deposit covers work performed and reasonable commitments made up to cancellation, and we will invoice (or refund) so that the client pays only for work performed and unavoidable costs to that point. Rescheduling of booked audit dates should be requested with reasonable notice; short-notice changes may incur a charge for time or costs we cannot reasonably reallocate. Nothing in this clause limits a refund or remedy that cannot be excluded under the Australian Consumer Law.

10. Relationship of the parties

We provide the services as an independent contractor. Nothing in these terms makes TRUSTYCYBER an employee, partner, agent or authorised representative of the client. We are responsible for our own personnel and any subcontractors, and for our own obligations including wages, taxes and superannuation. We may engage appropriately authorised specialists or subcontractors to assist with an engagement, as described in our Privacy Policy, and we remain responsible for the services they provide on our behalf.

11. Client responsibilities

The client agrees to: provide timely access to the people, documents, systems and evidence reasonably required; ensure information provided is accurate, complete and not misleading; make available appropriately informed and authorised personnel; provide a safe working environment for any on-site attendance; and respond to reasonable requests within agreed timeframes. Delays caused by the client may affect timing and fees and may require a variation.

12. Independence, objectivity and conflicts

TRUSTYCYBER provides independent audit and assurance services and must protect its objectivity. We may decline or withdraw from an engagement, or part of it, where a conflict of interest or threat to independence cannot be appropriately managed. Where we identify such an issue after work has begun, we will discuss it with the client and agree an appropriate course of action.

13. Confidentiality

Each party may receive confidential information of the other. Each party will keep the other's confidential information confidential, use it only for the engagement, and protect it with reasonable care. This does not apply to information that is or becomes public without breach, was already lawfully held, is independently developed, or is required to be disclosed by law or a regulator. Each party will promptly notify the other of any actual or suspected unauthorised disclosure of confidential information. We may identify the client as a client and describe the general nature of the work for our own credentials only with the client's prior consent. These obligations survive completion of the engagement.

14. Privacy and evidence handling

Personal information is handled in accordance with the TRUSTYCYBER Privacy Policy. Audit evidence is collected and handled as described in the Privacy Policy and Website Terms of Use, including through an approved Microsoft 365, OneDrive or SharePoint environment. Unless otherwise agreed, source audit evidence is normally deleted within 90 days after the engagement is closed, while the final report and core client records may be retained.

15. Intellectual property

The client retains ownership of materials and evidence it provides to us (client materials), and grants us a royalty-free, non-exclusive licence to use them for the purpose of providing the services. The client warrants that it is entitled to provide the client materials and that our use of them for the engagement will not infringe the rights of any third party.

TRUSTYCYBER retains ownership of its pre-existing intellectual property and of the methods, templates, tools, checklists, know-how and working papers it uses or develops in providing the services, including any improvement or modification of them arising from an engagement. On full payment of the related fees, the client receives a non-exclusive, non-transferable licence to use the final report or other agreed deliverable for the purpose, and to share it with the recipients, agreed for the engagement; we may revoke that licence for non-payment or material breach. The client must not alter a deliverable in a misleading way or remove attribution or notices.

ISO and other standards and frameworks remain the property of their respective rights holders; a reference to a standard does not grant any licence to that standard, which the client is responsible for obtaining for its own use.

16. AI-assisted delivery

We may use AI-assisted tools to support evidence collection and initial analysis, as described in the Website Terms of Use and Privacy Policy. AI-generated output is working material only and is not an audit conclusion. Evidence sufficiency, audit findings and final reports are reviewed and approved by an appropriately qualified auditor. We will not use client audit evidence to train a publicly available, general-purpose AI model without the client's express written agreement.

17. Nature of an audit and no guarantee of outcome

An internal audit or assessment is based on agreed criteria, available evidence, interviews and sampling within an agreed scope and time. To the extent permitted by law the services are provided on an 'as is' basis, and specific results cannot be guaranteed. It is the client's responsibility to determine that the services meet the needs of its business and are otherwise suitable for the purposes for which it uses them. We do not guarantee that every weakness, nonconformity or incident will be identified; that a certification body will reach the same findings; or that the client will obtain or maintain certification. Certification decisions are made by the relevant certification body, not by TRUSTYCYBER. Our reports are prepared for the client and the agreed purpose and should not be relied on by others without our written agreement.

18. Client warranties and non-reliance

The client warrants that: it has authority to enter into the agreement; the information and client materials it provides are accurate and complete, and it is solely responsible for their accuracy; and it has not relied on any representation, description, illustration or specification that is not expressly set out in the accepted quote or these terms. Any estimate of timing or findings we give before or during an engagement is indicative only.

19. Professional care

We will perform the services with due care and skill and in a manner consistent with relevant professional standards, and act in good faith in our dealings with the client. Except as set out in these terms and as required by law, we give no other warranties and all terms that would otherwise be implied are excluded to the extent permitted by law.

20. Australian Consumer Law

Nothing in these terms excludes, restricts or modifies any consumer guarantee, right or remedy that cannot lawfully be excluded under the Australian Consumer Law or other applicable law. Where the law permits us to limit our liability for breach of a non-excludable guarantee, our liability is limited, at our option, to supplying the services again or paying the cost of having them supplied again.

21. Limitation of liability

Subject to clause 20, and to the extent permitted by law: our total aggregate liability arising out of or in connection with an engagement, whether in contract, tort (including negligence), under statute or otherwise, is limited to the total fees paid by the client for that engagement; and we are not liable for any indirect, special, incidental, punitive or consequential loss, or for loss of profit, revenue, anticipated savings, use, data, goodwill or business opportunity. We are not liable for loss to the extent it arises from inaccurate, incomplete or late information provided by the client, the client's decisions or reliance on a report beyond its agreed purpose, the acts or omissions of third parties, or matters outside our reasonable control.

22. Client indemnity

The client indemnifies TRUSTYCYBER, and our personnel and subcontractors, against claims, losses and reasonable costs (including reasonable legal costs) arising out of or in connection with: the client's breach of these terms or of a warranty it gives under them; any failure or omission, whether negligent or otherwise, by the client to observe these terms; any third-party claim that the client materials, or our agreed use of them, infringe the rights of a third party (including intellectual property rights); and the acts or omissions of the client's officers, employees, agents, advisers or subcontractors. The client's liability under this indemnity is reduced to the extent that our own negligence or breach caused or contributed to the relevant claim or loss.

23. Term and termination

An engagement continues until the services are completed or the engagement is otherwise ended under these terms. Either party may terminate for material breach that is not remedied within 10 Business Days of written notice, or immediately where the other party becomes insolvent. On termination, the client must pay for services performed and unavoidable commitments made up to the date of termination, and we will return client materials on the client's reasonable request. Clauses that by their nature should survive — including confidentiality, intellectual property, payment for work done, indemnity, limitation of liability and governing law — survive termination.

24. Force majeure

Neither party is liable for delay or failure to perform (other than an obligation to pay money) caused by an event beyond its reasonable control. The affected party will notify the other and use reasonable efforts to mitigate the effect.

25. Dispute resolution

A party must not commence legal proceedings about a dispute arising out of an engagement (except proceedings seeking urgent interlocutory relief) unless it has followed this clause. A party claiming a dispute must notify the other with details of the dispute. During the 15 Business Days after that notice (or any longer period the parties agree), the parties must cooperate and take reasonable steps to resolve the dispute. If it is not resolved in that period, the dispute must be referred to mediation by a mediator the parties agree on, or — failing agreement within 7 days — a mediator appointed at the request of either party by the President of the Law Institute of Victoria (or its successor). The mediation will be held in Victoria; each party bears its own costs and the parties share the mediator's costs equally. Communications made in the dispute-resolution process are confidential and made on a 'without prejudice' basis. If the dispute is not resolved within 30 Business Days after the first notice, either party may pursue its other remedies.

26. General

A variation to these terms or an engagement must be agreed in writing. Neither party may assign the agreement without the other's consent, which will not be unreasonably withheld, except that we may use appropriately authorised subcontractors to assist with an engagement as described in our Privacy Policy. If part of these terms is invalid or unenforceable, it is read down or severed and the rest continues to apply. A failure to enforce a term is not a waiver of it. The accepted quote or proposal together with these terms is the entire agreement between the parties about the engagement and replaces any prior understanding about it. Notices may be given by email to the addresses used for the engagement. In these terms, Business Day means a day that is not a Saturday, Sunday or public holiday in Victoria, Australia.

27. Governing law

These terms are governed by the laws of Victoria, Australia. The parties submit to the non-exclusive jurisdiction of the courts of Victoria and the Federal Court of Australia, and courts entitled to hear appeals from them.

28. Contact

• Engagement and service enquiries: [email protected]
• Billing enquiries: [email protected]
• Legal matters: [email protected]