
Terms of Service
Last Updated: December 5, 2025
1. Agreement to Terms
Welcome to CyberCorp Australia ("we," "us," "our," or "CyberCorp"). These Terms of Service ("Terms") govern your access to and use of our website at cybercorp.com.au (the "Site") and any cybersecurity services, products, or content we provide.
By accessing or using our Site or engaging our cybersecurity services, you ("Client," "you," or "your") agree to be bound by these Terms and our Privacy Policy. If you do not agree to these Terms, please do not use our Site or services.
Critical Notice: These Terms constitute a legally binding agreement between you and CyberCorp Australia. Given the sensitive nature of cybersecurity services, please read these Terms carefully, particularly sections on liability, indemnification, and security testing authorisation.
Important Authorisation Requirement:
Certain cybersecurity services (penetration testing, vulnerability assessments, red team operations) require explicit written authorisation before commencement. Unauthorised testing may violate criminal laws including the Cybercrime Act 2001 (Cth).
2. Cybersecurity Services
CyberCorp Australia provides professional cybersecurity services, including but not limited to:
Security Assessment Services:
- Penetration testing (network, web application, mobile)
- Vulnerability assessments and scanning
- Security audits and reviews
- Risk assessments and threat modeling
- Compliance assessments (Essential Eight, ISO 27001, ISM)
Security Operations:
- 24/7 Security Operations Center (SOC) services
- Incident response and forensic investigation
- Threat hunting and detection
- Security monitoring and SIEM management
- Malware analysis and reverse engineering
Security Implementation:
- Network security architecture and design
- Cloud security (AWS, Azure, GCP)
- Endpoint protection and EDR deployment
- Security hardening and configuration
- Identity and access management (IAM)
Advisory Services:
- CISO-as-a-Service
- Security strategy and roadmap development
- Compliance consulting (ACSC, APRA, PCI DSS)
- Security awareness training
- Data protection and privacy advisory
Specific services are provided under separate Statements of Work (SOW) or Service Agreements that outline the scope, deliverables, testing methodologies, timelines, fees, and rules of engagement applicable to each engagement.
3. Security Testing Authorisation
3.1 Explicit Written Authorisation Required
Before conducting any intrusive security testing (penetration testing, vulnerability exploitation, social engineering, red team operations), you must provide:
- Signed Authorisation Letter: Explicit written permission from authorised personnel with authority to consent to testing
- Scope Definition: Clear identification of in-scope systems, IP ranges, domains, and applications
- Exclusions: Explicit documentation of out-of-scope systems and prohibited activities
- Testing Window: Approved dates and times for testing activities
- Emergency Contact: 24/7 point of contact for security incidents
3.2 Third-Party Systems
You represent and warrant that you have obtained all necessary permissions and authorisations to allow testing of any third-party systems, cloud services, or hosted infrastructure. You are solely responsible for obtaining consent from third-party service providers (AWS, Azure, GCP, etc.) where required by their terms of service.
3.3 Rules of Engagement
Unless explicitly authorised in writing, we will NOT:
- Conduct denial-of-service (DoS) attacks or resource exhaustion testing
- Perform destructive testing that could cause data loss or system damage
- Access, modify, or delete production data
- Conduct social engineering against individuals without consent
- Test physical security controls without explicit permission
- Engage in any activity prohibited by law or regulation
4. Client Responsibilities and Obligations
4.1 Accurate Information
You agree to:
- Provide accurate, current, and complete information about your infrastructure and systems
- Disclose all relevant security controls, third-party dependencies, and regulatory requirements
- Notify us promptly of any changes to scope, systems, or contact information
- Not withhold information that could impact the safety or effectiveness of our services
4.2 Cooperation and Access
- Provide timely access to systems, documentation, and personnel as required
- Designate a technical point of contact with appropriate authority and knowledge
- Respond to our inquiries and requests for information within agreed timeframes
- Provide test accounts, credentials, or access as specified in the SOW
4.3 Remediation Responsibility
You acknowledge that our security assessments identify vulnerabilities and provide recommendations, but you are solely responsible for implementing remediation measures. We do not guarantee that our recommendations will prevent all security incidents or that identified vulnerabilities represent a complete inventory of all security issues.
4.4 Regulatory Compliance
You are responsible for ensuring your use of our services complies with all applicable laws, regulations, and industry standards, including but not limited to the Privacy Act 1988, Cybercrime Act 2001, Notifiable Data Breaches scheme, and any sector-specific regulations (APRA CPS 234, HIPAA, PCI DSS, etc.).
5. Prohibited Activities
You may not use our Site or services to:
- Illegal Activities: Violate any applicable laws, regulations, or third-party rights
- Unauthorised Access: Test or attack systems without explicit written authorisation
- Weaponization: Use our tools, methodologies, or findings to develop exploits for malicious purposes
- Disclosure: Publicly disclose vulnerabilities before coordinated disclosure timelines
- Competitive Intelligence: Use our services to gain unfair competitive advantage
- Reverse Engineering: Attempt to reverse engineer our proprietary tools or methodologies
- Malware Distribution: Introduce malware, viruses, or harmful code into our systems
- Data Harvesting: Collect or harvest data from our Site without authorisation
- Interference: Interfere with or disrupt our services, servers, or networks
6. Intellectual Property Rights
6.1 Our Intellectual Property
All content on our Site and all deliverables, tools, methodologies, frameworks, and reports we provide (except for Client-specific data) are the exclusive property of CyberCorp Australia and are protected by copyright, trademark, and other intellectual property laws.
This includes but is not limited to:
- Proprietary testing methodologies and frameworks
- Security assessment tools and scripts
- Report templates and formatting
- Training materials and documentation
- Threat intelligence data and analytics
6.2 License to Client
We grant you a limited, non-exclusive, non-transferable license to use our deliverables (reports, recommendations, documentation) solely for your internal business purposes. You may not:
- Reproduce, distribute, or publicly display our deliverables without consent
- Modify or create derivative works from our methodologies
- Use our deliverables for commercial purposes or to provide services to third parties
- Remove or obscure any proprietary notices or attributions
6.3 Client Data Ownership
You retain all ownership rights to your data, systems, and infrastructure. We claim no intellectual property rights over your proprietary information. However, we may retain anonymized, aggregated data for threat intelligence purposes as outlined in our Privacy Policy.
6.4 Work Product
Upon full payment, you own the specific security reports and recommendations produced for your engagement. However, the underlying methodologies, tools, templates, and frameworks remain our property. We retain the right to use general knowledge, skills, and experience gained during the engagement for other clients.
7. Confidentiality and Data Protection
7.1 Mutual Confidentiality
Both parties agree to maintain the confidentiality of all information disclosed during the engagement, including:
- Client Confidential Information: System architectures, vulnerabilities, credentials, business processes, and any data accessed during testing
- CyberCorp Confidential Information: Proprietary methodologies, tools, pricing, and non-public technical information
7.2 Data Handling Standards
We handle your data in accordance with:
- Privacy Act 1988 (Cth) and Australian Privacy Principles
- Information Security Manual (ISM) published by ACSC
- ISO 27001 information security controls
- Essential Eight Maturity Model requirements
7.3 Data Retention and Destruction
We retain client data only for the duration necessary to provide services and comply with legal obligations (typically 7 years for audit purposes). Upon request or engagement completion, we will securely delete or return your confidential data using cryptographic erasure or DoD 5220.22-M compliant deletion methods.
7.4 Exceptions to Confidentiality
Confidentiality obligations do not apply to information that:
- Is or becomes publicly available through no breach of these Terms
- Was rightfully known prior to disclosure
- Is independently developed without access to confidential information
- Must be disclosed by law, court order, or regulatory requirement
8. Payment Terms and Fees
8.1 Fees and Invoicing
- Fee Structure: Fees and payment terms will be specified in your Statement of Work or Service Agreement
- Currency: All fees are in Australian Dollars (AUD) unless otherwise specified
- GST: All fees are exclusive of GST unless otherwise stated; GST will be added to invoices where applicable
- Payment Terms: Payment is due within 30 days of invoice date unless otherwise agreed
8.2 Late Payment
Late payments may incur interest at the rate of 2% per month (or the maximum allowed by law, whichever is less) on the outstanding balance. We reserve the right to suspend services for accounts more than 30 days overdue.
8.3 Expenses and Travel
Unless otherwise agreed, reasonable out-of-pocket expenses (travel, accommodation, specialist tools) will be billed separately with supporting documentation. We will obtain approval for expenses exceeding $500 AUD.
8.4 Refund Policy
Due to the nature of cybersecurity services, fees are generally non-refundable once work has commenced. If you are dissatisfied with our services, please contact us immediately to discuss resolution.
9. Service Level Agreements (SLAs)
For managed security services (SOC, monitoring, incident response), specific SLAs will be defined in your Service Agreement. Standard SLAs include:
Incident Response Times:
- Critical (P1): 1 hour response, 4 hour resolution target
- High (P2): 4 hour response, 24 hour resolution target
- Medium (P3): 8 hour response, 72 hour resolution target
- Low (P4): 24 hour response, best effort resolution
Availability Guarantees:
- SOC Operations: 99.9% uptime (24/7/365)
- Portal Access: 99.5% uptime during business hours
- Monitoring Systems: 99.9% uptime
- Planned Maintenance: Notified 48 hours in advance
SLA Credits:
If we fail to meet agreed SLAs, you may be eligible for service credits as specified in your agreement. Credits do not constitute our sole remedy for SLA breaches and do not limit other rights you may have under these Terms.
10. Limitation of Liability
To the maximum extent permitted by Australian law:
- No Warranties: Our services are provided "as is" without warranties of any kind, express or implied, including merchantability, fitness for purpose, or non-infringement
- Service Availability: We do not guarantee uninterrupted, error-free, or secure service delivery
- Security Guarantees: We cannot guarantee that our services will prevent all security breaches, detect all vulnerabilities, or eliminate all risks
- Third-Party Services: We are not liable for failures, errors, or security issues in third-party systems, software, or cloud providers
Limitation on Damages:
Our total aggregate liability for any claims arising from or related to these Terms or our services shall not exceed the lesser of:
- The fees paid by you to us in the 12 months preceding the event giving rise to the claim, OR
- $100,000 AUD
Exclusion of Consequential Damages:
Under no circumstances will we be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:
- Loss of profits, revenue, or business opportunities
- Business interruption or downtime
- Data loss or corruption (except as caused by our gross negligence)
- Reputational damage
- Third-party claims or penalties
- Cost of substitute services or products
Consumer Guarantees:
Nothing in these Terms excludes, restricts, or modifies any consumer rights or guarantees under the Australian Consumer Law that cannot be excluded, restricted, or modified by agreement. Where applicable law implies a warranty or condition that cannot be excluded, our liability is limited to re-supplying the services or paying the cost of having the services re-supplied.
11. Indemnification
11.1 Client Indemnification
You agree to indemnify, defend, and hold harmless CyberCorp Australia and our officers, directors, employees, contractors, and agents from any claims, damages, losses, liabilities, and expenses (including reasonable legal fees) arising from:
- Your breach of these Terms or any applicable laws
- Unauthorised testing or access to systems you do not own or control
- Failure to obtain necessary third-party permissions or authorisations
- Inaccurate or incomplete information provided to us
- Your failure to implement recommended security measures
- Third-party claims arising from your use of our deliverables
- Violation of third-party intellectual property rights
11.2 CyberCorp Indemnification
We agree to indemnify you against third-party claims alleging that our services, when used as authorised, infringe upon third-party intellectual property rights. This indemnity is subject to:
- Prompt written notice of the claim
- Sole control of the defence and settlement
- Reasonable cooperation in the defence
This indemnity does not apply to claims arising from modifications you make, your combination of our services with other products, or your use of services outside the authorised scope.
11.3 Professional Indemnity Insurance
We maintain professional indemnity insurance covering our cybersecurity services. Upon request, we will provide a certificate of currency demonstrating adequate insurance coverage.
12. Security Breach and Incident Notification
12.1 Immediate Notification
We will notify you immediately if we:
- Discover a critical vulnerability requiring urgent remediation
- Detect active exploitation or indicators of compromise
- Trigger security controls that could impact your operations
- Experience an incident affecting your confidential data
- Receive legal demands related to your engagement
12.2 Emergency Contact
You must provide a 24/7 emergency contact for critical security issues. We will attempt to reach this contact via multiple channels (phone, email, SMS) for incidents requiring immediate attention.
12.3 Coordinated Disclosure
For vulnerabilities discovered during testing, we follow responsible disclosure practices. We will not publicly disclose vulnerabilities before coordinated disclosure timelines (typically 90 days) or until you have patched critical issues, whichever comes first.
13. Termination
13.1 Termination for Convenience
Either party may terminate project-based engagements by providing 30 days' written notice. For managed services, termination requires 60 days' notice. You remain liable for fees for services rendered prior to the effective termination date.
13.2 Termination for Cause
Either party may terminate immediately upon written notice if:
- The other party materially breaches these Terms and fails to cure within 14 days
- The other party becomes insolvent or files for bankruptcy
- Continuing the engagement would violate applicable law
- The authorised testing scope is materially misrepresented
13.3 Effect of Termination
Upon termination:
- Your right to use our services and deliverables will immediately cease
- You must pay all outstanding fees for services rendered
- We will return or destroy your confidential data as requested
- Sections on confidentiality, intellectual property, liability, and indemnification survive
- We will provide final reports for work completed prior to termination
13.4 Suspension of Services
We reserve the right to suspend services immediately if we believe continued testing poses a legal risk, violates these Terms, or could harm third parties. We will notify you of any suspension and work with you to resolve the issue.
14. Governing Law and Dispute Resolution
14.1 Governing Law
These Terms are governed by and construed in accordance with the laws of the Commonwealth of Australia and the State of New South Wales. The United Nations Convention on Contracts for the International Sale of Goods does not apply.
14.2 Jurisdiction
Any disputes arising from these Terms shall be subject to the exclusive jurisdiction of the courts of New South Wales, Australia. Both parties submit to the personal jurisdiction of these courts.
14.3 Dispute Resolution
Before commencing legal proceedings, the parties agree to:
- Good Faith Negotiation: Attempt to resolve disputes through good faith negotiations for 30 days
- Mediation: If negotiation fails, submit to mediation before an agreed mediator
- Cost Sharing: Share mediation costs equally unless otherwise agreed
This clause does not prevent either party from seeking injunctive relief for intellectual property infringement, confidentiality breaches, or other urgent matters.
15. Changes to Terms
We may update these Terms from time to time to reflect changes in our services, legal requirements, or business practices.
Notification of Changes:
- Material Changes: We will notify you by email at least 30 days before material changes take effect
- Minor Updates: Posted on this page with an updated "Last Updated" date
- Active Engagements: Changes do not affect existing Service Agreements unless mutually agreed
Your continued use of our services after changes take effect constitutes acceptance of the updated Terms. If you do not agree to the changes, you may terminate the agreement as outlined in Section 13.
16. Miscellaneous Provisions
Entire Agreement:
These Terms, together with any Service Agreements and SOWs, constitute the entire agreement between parties and supersede all prior agreements, representations, or understandings.
Severability:
If any provision of these Terms is found to be unenforceable, the remaining provisions will remain in full force and effect.
Waiver:
Failure to enforce any provision of these Terms does not constitute a waiver of that provision or any other provision.
Assignment:
You may not assign these Terms without our written consent. We may assign our rights and obligations to an affiliate or successor entity.
Force Majeure:
Neither party is liable for delays or failures due to circumstances beyond reasonable control (natural disasters, acts of war, pandemics, government actions, etc.).
Notices:
All notices must be in writing and sent to the addresses specified in your Service Agreement or the contact information below.
Contact Information
For questions, concerns, or requests regarding these Terms of Service:
Legal Department: CyberCorp Australia Legal Team
Email: legal@cybercorp.com.au
Phone: +61 (08) 6555 4935
Email: contact@cybercorp.com.au
We will respond to inquiries within 2 business days.
By using our Site and services, you acknowledge that you have read, understood, and agree to be bound by these Terms of Service and our Privacy Policy.
These Terms comply with Australian law, including the Privacy Act 1988, Cybercrime Act 2001, and industry standards from the Australian Cyber Security Centre (ACSC).