Website Terms of Use

Original effective date: 31 May 2021 · Current version: 16 June 2026

Note: These terms govern use of the TRUSTYCYBER website, contact forms, engagement fit check and evidence collection environment. They do not by themselves govern an internal audit or other professional engagement. Professional services are subject to a separate written proposal or engagement agreement agreed with the client.

1. About these terms

These terms govern your use of the TRUSTYCYBER website; website contact and enquiry forms; the TRUSTYCYBER engagement fit check; payment links made available through or following the website; an approved Microsoft 365, OneDrive or SharePoint evidence collection environment; and related online features made available by TRUSTYCYBER.

The website is operated by: Andrew Robinson trading as TRUSTYCYBER · ABN: 79 805 301 840 · [email protected]

By using the website or an associated online feature, you agree to these terms.

2. Professional engagements have separate terms

These website terms do not, by themselves, appoint TRUSTYCYBER to perform an internal audit or another professional service. Professional services are governed by a separate written proposal, scope, order, engagement agreement or other terms provided when the engagement is approved. Where an engagement document conflicts with these website terms, the engagement document prevails in relation to the professional service.

3. Eligibility and authority

You may use the website only if you have legal capacity to do so. If you use the website, complete a fit check, make a payment or upload evidence on behalf of an organisation, you represent that you are authorised to act for that organisation. You must provide information that is accurate and not misleading.

4. Website information

Website content is provided for general information. It is not legal advice, certification advice, a formal audit opinion, a statement that an organisation conforms with a standard, a substitute for advice addressing your particular circumstances, or a guarantee that TRUSTYCYBER will accept an engagement. You should obtain appropriate advice before relying on general website information.

5. Engagement fit check

The fit check is an initial screening and scoping tool. It may use predetermined rules to produce an immediate preliminary result. A result is preliminary, non-binding, not a quotation, not an audit conclusion, not an acceptance of an engagement, not a reservation of availability, not certification advice, and subject to human review.

A preliminary fit result does not create an engagement or automatically release a payment link.

TRUSTYCYBER may consider additional matters before accepting an engagement, including independence and conflicts, competence and capacity, availability, proposed scope, management-system maturity, evidence availability, information classification, data-handling requirements, jurisdiction, timing, client conduct and commercial terms. A preliminary fit result does not require TRUSTYCYBER to accept the engagement or issue a payment link.

6. Human approval and payment links

An authorised TRUSTYCYBER reviewer assesses relevant qualification information before an engagement is approved or a payment link is released. Where an engagement is approved, TRUSTYCYBER will identify the service being purchased, the agreed or indicative scope, the fee and applicable GST treatment, any deposit or staged-payment arrangement, and relevant engagement terms.

A payment link is an invitation to pay for the service specifically described in the accompanying material. You must review the scope, fee and applicable engagement terms before paying. TRUSTYCYBER may refund a payment and decline the engagement if the payment was made in error; the agreed conditions were not satisfied; a conflict or independence issue is subsequently identified; required evidence-handling arrangements cannot be established; or TRUSTYCYBER is unable to provide the service.

7. Prices, GST and payment processing

Unless otherwise stated, prices are in Australian dollars; GST treatment will be shown with the applicable price or invoice; payments are processed using Stripe; and card details are provided to Stripe rather than stored by the TRUSTYCYBER website. Stripe's own terms and privacy practices may apply to its payment service.

8. Cancellations, rescheduling and refunds

Cancellation, rescheduling, deposits and refunds for a professional service are governed by the applicable engagement terms. Nothing in these website terms excludes a refund, remedy, consumer guarantee or other right that cannot lawfully be excluded under the Australian Consumer Law or another applicable law. If you believe a payment was duplicated, unauthorised or made in error, contact [email protected] promptly.

9. Evidence collection environment

TRUSTYCYBER may provide an approved Microsoft 365, OneDrive or SharePoint location for the collection of audit evidence. Access is limited to approved engagements and authorised users.

You must: use the environment only for the agreed engagement; follow the evidence request and handling instructions; upload only information reasonably necessary for the audit; ensure you are authorised to provide the material; promptly report suspected unauthorised access; ensure files are not knowingly malicious, corrupted or unlawful; and comply with applicable legal, contractual and organisational requirements.

You must not upload: passwords or authentication secrets unless expressly requested through an approved secure process; malware or executable code; unlawful material; material you are not authorised to disclose; personal or sensitive information not reasonably required; Australian Government security-classified information; or information requiring special handling arrangements that have not been expressly agreed. Information marked OFFICIAL: Sensitive must not be uploaded unless TRUSTYCYBER has approved the handling arrangements in writing.

10. Responsibility for uploaded information

You retain ownership of information you or your organisation uploads. You grant TRUSTYCYBER a limited right to access, copy, process, analyse and use that information to perform the agreed engagement; administer and secure the evidence environment; prepare audit work and reports; meet legal and professional obligations; and exercise rights under the engagement terms. You represent that you have authority to provide the information, its collection and disclosure to TRUSTYCYBER are lawful, and any necessary notices or consents have been provided or obtained.

11. AI-assisted evidence processing

TRUSTYCYBER may use AI-assisted tools to support evidence collection and initial analysis. These tools may assist with extracting and organising content, indexing and classifying documents, summarising information, identifying potentially relevant evidence, identifying possible gaps or inconsistencies, and presenting material for human review. AI-generated output is not itself an audit conclusion and may contain errors. AI does not make the final decision about accepting the engagement, releasing a payment link, setting the final scope, evidence sufficiency, conformity or nonconformity, audit findings, or the final report. Engagement and commercial decisions are made by an authorised TRUSTYCYBER reviewer. Evidence sufficiency, conformity decisions, audit findings and final reports are reviewed and approved by an appropriately qualified auditor.

AI-generated summaries, mappings, suggested findings and recommendations are working material only. They are not an audit conclusion or professional deliverable unless reviewed and approved through the applicable engagement process.

The client acknowledges that authorised AI-assisted services may process uploaded evidence in accordance with the Privacy Policy, Security page and applicable engagement terms.

12. Confidentiality and evidence retention

TRUSTYCYBER will take reasonable steps to restrict access to uploaded evidence and use it only for authorised purposes. Unless otherwise agreed, audit evidence is retained only while reasonably required; source evidence and working copies are normally deleted within 90 days after the engagement is closed; and the final audit report and core client relationship records may be retained. The TRUSTYCYBER Privacy Policy provides further information.

13. Intellectual property in the website

Unless otherwise stated, TRUSTYCYBER owns or is licensed to use the website, including its text, design, branding, graphics, software, fit-check structure and logic, questions, workflows and original content. You may view or download reasonable extracts for your own internal, non-commercial reference, provided the material is not altered in a misleading way, attribution and notices are retained, it is not republished or sold, and the use does not imply endorsement by TRUSTYCYBER.

14. Standards and third-party intellectual property

ISO standards and other standards, frameworks and third-party materials are owned by their respective rights holders. A reference to a standard does not reproduce or provide access to the standard, grant you a licence to copy the standard, or indicate endorsement by the relevant standards body. Clients remain responsible for obtaining any standards licences required for their own use.

15. Intellectual property in professional deliverables

Ownership and permitted use of audit reports and other professional deliverables are governed by the applicable engagement terms. Clients retain ownership of materials they provide. TRUSTYCYBER retains ownership of its pre-existing methods, templates, tools, know-how and working methods. The client's right to use and distribute the final report is limited to the purposes and recipients agreed for the engagement.

16. Prohibited use

You must not: use the website unlawfully or fraudulently; impersonate another person; submit false or misleading information; interfere with website operation or security; probe or test systems without written authorisation; bypass access controls; introduce malicious code; overload or disrupt the website; harvest contact details; use bots or automated systems that impose unreasonable load; scrape or compile website content for commercial use; use website content, questions, workflows or fit-check output to train, evaluate or improve an AI model without written permission; remove intellectual-property notices; use TRUSTYCYBER branding in a misleading way; or suggest that TRUSTYCYBER has endorsed you or your services without written permission.

17. No guarantee of certification or outcome

An internal audit is based on agreed criteria, available evidence, interviews and sampling. TRUSTYCYBER does not guarantee that a certification body will reach the same findings; an organisation will obtain or maintain certification; every weakness, incident or nonconformity will be identified; or remediation will achieve a particular outcome. Certification decisions are made by the relevant certification body, not TRUSTYCYBER.

18. Consumer rights

Nothing in these terms excludes, restricts or modifies a guarantee, right, remedy or liability that cannot lawfully be excluded or modified, including any applicable rights under the Australian Consumer Law.

19. Liability for website use

To the extent permitted by law, TRUSTYCYBER is not liable for loss arising solely from reliance on general website content; a preliminary fit-check result; website interruption or technical failure; failure to secure your own device or credentials; third-party services outside TRUSTYCYBER's reasonable control; or unauthorised or prohibited use of the website. Liability relating to a professional service is governed by the applicable engagement terms.

20. Suspension or restriction

TRUSTYCYBER may restrict or suspend access to a website feature or evidence environment where reasonably necessary to protect security, investigate suspected misuse, comply with law, protect another person's rights, respond to non-payment, preserve evidence, or enforce these terms or the applicable engagement terms.

21. Privacy

Personal information is handled in accordance with the TRUSTYCYBER Privacy Policy.

22. Changes to these terms

TRUSTYCYBER may amend these terms from time to time. The current terms will be published on the website with their revision date. Terms governing an existing professional engagement will not be changed merely by updating these website terms.

23. Severability

If part of these terms is invalid or unenforceable, it will be read down to the extent necessary or severed. The remaining terms continue to apply.

24. Governing law

These terms are governed by the laws of Victoria, Australia. The parties submit to the courts of Victoria and courts entitled to hear appeals from them.

25. Contact