LEGAL
Website Terms of Use
Original effective date: 31 May 2021 · Current version: 16 June 2026
Note: These terms govern use of the TRUSTYCYBER website, contact forms, engagement fit check and evidence collection environment. They do not by themselves govern an internal audit or other professional engagement. Professional services are subject to a separate written proposal or engagement agreement agreed with the client.
1. About these terms
These terms govern your use of the TRUSTYCYBER website; website contact and enquiry forms; the TRUSTYCYBER engagement fit check; payment links made available through or following the website; an approved Microsoft 365, OneDrive or SharePoint evidence collection environment; and related online features made available by TRUSTYCYBER.
The website is operated by: Andrew Robinson trading as TRUSTYCYBER · ABN: 79 805 301 840 · [email protected]
By using the website or an associated online feature, you agree to these terms.
2. Professional engagements have separate terms
These website terms do not, by themselves, appoint TRUSTYCYBER to perform an internal audit or another professional service. Professional services are governed by a separate written proposal, scope, order, engagement agreement or other terms provided when the engagement is approved. Where an engagement document conflicts with these website terms, the engagement document prevails in relation to the professional service.
3. Eligibility and authority
You may use the website only if you have legal capacity to do so. If you use the website, complete a fit check, make a payment or upload evidence on behalf of an organisation, you represent that you are authorised to act for that organisation. You must provide information that is accurate and not misleading.
4. Website information
Website content is provided for general information. It is not legal advice, certification advice, a formal audit opinion, a statement that an organisation conforms with a standard, a substitute for advice addressing your particular circumstances, or a guarantee that TRUSTYCYBER will accept an engagement. You should obtain appropriate advice before relying on general website information.
5. Engagement fit check
The fit check is an initial screening and scoping tool. It may use predetermined rules to produce an immediate preliminary result. A result is preliminary, non-binding, not a quotation, not an audit conclusion, not an acceptance of an engagement, not a reservation of availability, not certification advice, and subject to human review.
A preliminary fit result does not create an engagement or automatically release a payment link.
TRUSTYCYBER may consider additional matters before accepting an engagement, including independence and conflicts, competence and capacity, availability, proposed scope, management-system maturity, evidence availability, information classification, data-handling requirements, jurisdiction, timing, client conduct and commercial terms. A preliminary fit result does not require TRUSTYCYBER to accept the engagement or issue a payment link.
6. Human approval and payment links
An authorised TRUSTYCYBER reviewer assesses relevant qualification information before an engagement is approved or a payment link is released. Where an engagement is approved, TRUSTYCYBER will identify the service being purchased, the agreed or indicative scope, the fee and applicable GST treatment, any deposit or staged-payment arrangement, and relevant engagement terms.
A payment link is an invitation to pay for the service specifically described in the accompanying material. You must review the scope, fee and applicable engagement terms before paying. TRUSTYCYBER may refund a payment and decline the engagement if the payment was made in error; the agreed conditions were not satisfied; a conflict or independence issue is subsequently identified; required evidence-handling arrangements cannot be established; or TRUSTYCYBER is unable to provide the service.
7. Prices, GST and payment processing
Unless otherwise stated, prices are in Australian dollars; GST treatment will be shown with the applicable price or invoice; payments are processed using Stripe; and card details are provided to Stripe rather than stored by the TRUSTYCYBER website. Stripe's own terms and privacy practices may apply to its payment service.
8. Cancellations, rescheduling and refunds
Cancellation, rescheduling, deposits and refunds for a professional service are governed by the applicable engagement terms. Nothing in these website terms excludes a refund, remedy, consumer guarantee or other right that cannot lawfully be excluded under the Australian Consumer Law or another applicable law. If you believe a payment was duplicated, unauthorised or made in error, contact [email protected] promptly.
9. Evidence collection environment
TRUSTYCYBER may provide an approved Microsoft 365, OneDrive or SharePoint location for the collection of audit evidence. Access is limited to approved engagements and authorised users.
You must: use the environment only for the agreed engagement; follow the evidence request and handling instructions; upload only information reasonably necessary for the audit; ensure you are authorised to provide the material; promptly report suspected unauthorised access; ensure files are not knowingly malicious, corrupted or unlawful; and comply with applicable legal, contractual and organisational requirements.
You must not upload: passwords or authentication secrets unless expressly requested through an approved secure process; malware or executable code; unlawful material; material you are not authorised to disclose; personal or sensitive information not reasonably required; Australian Government security-classified information; or information requiring special handling arrangements that have not been expressly agreed. Information marked OFFICIAL: Sensitive must not be uploaded unless TRUSTYCYBER has approved the handling arrangements in writing.
10. Responsibility for uploaded information
You retain ownership of information you or your organisation uploads. You grant TRUSTYCYBER a limited right to access, copy, process, analyse and use that information to perform the agreed engagement; administer and secure the evidence environment; prepare audit work and reports; meet legal and professional obligations; and exercise rights under the engagement terms. You represent that you have authority to provide the information, its collection and disclosure to TRUSTYCYBER are lawful, and any necessary notices or consents have been provided or obtained.
11. AI-assisted evidence processing
TRUSTYCYBER may use AI-assisted tools to support evidence collection and initial analysis. These tools may assist with extracting and organising content, indexing and classifying documents, summarising information, identifying potentially relevant evidence, identifying possible gaps or inconsistencies, and presenting material for human review. AI-generated output is not itself an audit conclusion and may contain errors. AI does not make the final decision about accepting the engagement, releasing a payment link, setting the final scope, evidence sufficiency, conformity or nonconformity, audit findings, or the final report. Engagement and commercial decisions are made by an authorised TRUSTYCYBER reviewer. Evidence sufficiency, conformity decisions, audit findings and final reports are reviewed and approved by an appropriately qualified auditor.
AI-generated summaries, mappings, suggested findings and recommendations are working material only. They are not an audit conclusion or professional deliverable unless reviewed and approved through the applicable engagement process.
The client acknowledges that authorised AI-assisted services may process uploaded evidence in accordance with the Privacy Policy, Security page and applicable engagement terms.
12. Confidentiality and evidence retention
TRUSTYCYBER will take reasonable steps to restrict access to uploaded evidence and use it only for authorised purposes. Unless otherwise agreed, audit evidence is retained only while reasonably required; source evidence and working copies are normally deleted within 90 days after the engagement is closed; and the final audit report and core client relationship records may be retained. The TRUSTYCYBER Privacy Policy provides further information.
13. Intellectual property in the website
Unless otherwise stated, TRUSTYCYBER owns or is licensed to use the website, including its text, design, branding, graphics, software, fit-check structure and logic, questions, workflows and original content. You may view or download reasonable extracts for your own internal, non-commercial reference, provided the material is not altered in a misleading way, attribution and notices are retained, it is not republished or sold, and the use does not imply endorsement by TRUSTYCYBER.
14. Standards and third-party intellectual property
ISO standards and other standards, frameworks and third-party materials are owned by their respective rights holders. A reference to a standard does not reproduce or provide access to the standard, grant you a licence to copy the standard, or indicate endorsement by the relevant standards body. Clients remain responsible for obtaining any standards licences required for their own use.
15. Intellectual property in professional deliverables
Ownership and permitted use of audit reports and other professional deliverables are governed by the applicable engagement terms. Clients retain ownership of materials they provide. TRUSTYCYBER retains ownership of its pre-existing methods, templates, tools, know-how and working methods. The client's right to use and distribute the final report is limited to the purposes and recipients agreed for the engagement.
16. Prohibited use
You must not: use the website unlawfully or fraudulently; impersonate another person; submit false or misleading information; interfere with website operation or security; probe or test systems without written authorisation; bypass access controls; introduce malicious code; overload or disrupt the website; harvest contact details; use bots or automated systems that impose unreasonable load; scrape or compile website content for commercial use; use website content, questions, workflows or fit-check output to train, evaluate or improve an AI model without written permission; remove intellectual-property notices; use TRUSTYCYBER branding in a misleading way; or suggest that TRUSTYCYBER has endorsed you or your services without written permission.
17. No guarantee of certification or outcome
An internal audit is based on agreed criteria, available evidence, interviews and sampling. TRUSTYCYBER does not guarantee that a certification body will reach the same findings; an organisation will obtain or maintain certification; every weakness, incident or nonconformity will be identified; or remediation will achieve a particular outcome. Certification decisions are made by the relevant certification body, not TRUSTYCYBER.
18. Consumer rights
Nothing in these terms excludes, restricts or modifies a guarantee, right, remedy or liability that cannot lawfully be excluded or modified, including any applicable rights under the Australian Consumer Law.
19. Liability for website use
To the extent permitted by law, TRUSTYCYBER is not liable for loss arising solely from reliance on general website content; a preliminary fit-check result; website interruption or technical failure; failure to secure your own device or credentials; third-party services outside TRUSTYCYBER's reasonable control; or unauthorised or prohibited use of the website. Liability relating to a professional service is governed by the applicable engagement terms.
20. Suspension or restriction
TRUSTYCYBER may restrict or suspend access to a website feature or evidence environment where reasonably necessary to protect security, investigate suspected misuse, comply with law, protect another person's rights, respond to non-payment, preserve evidence, or enforce these terms or the applicable engagement terms.
21. Privacy
Personal information is handled in accordance with the TRUSTYCYBER Privacy Policy.
22. Changes to these terms
TRUSTYCYBER may amend these terms from time to time. The current terms will be published on the website with their revision date. Terms governing an existing professional engagement will not be changed merely by updating these website terms.
23. Severability
If part of these terms is invalid or unenforceable, it will be read down to the extent necessary or severed. The remaining terms continue to apply.
24. Governing law
These terms are governed by the laws of Victoria, Australia. The parties submit to the courts of Victoria and courts entitled to hear appeals from them.
25. Contact
- Website or service enquiries: [email protected]
- Privacy matters: [email protected]
- Security reports: [email protected]
- Legal matters: [email protected]
