Security
Last updated: 28 June 2026
Our Commitment
At TandemIT (ABN 34 699 177 841), security is foundational to everything we do — not an afterthought. We apply the same rigour to our own systems that we deliver to our clients. This page outlines how we protect our website, your data, and the services we provide.
Website Security
- All traffic is encrypted with TLS 1.2+ (HTTPS enforced across the entire site)
- Hosted on Cloudflare Pages with built-in DDoS protection and Web Application Firewall (WAF)
- DNS managed through Cloudflare with DNSSEC enabled
- No sensitive data stored on the web server; contact form submissions are processed via an encrypted API and delivered to secured email
- Content Security Policy (CSP) and security headers configured to prevent XSS, clickjacking, and other common web attacks
Email Security
- SPF, DKIM, and DMARC configured to prevent email spoofing and phishing
- Microsoft 365 with Defender for email threat protection
Client Data Protection
When managing IT services for our clients, we follow these principles:
- Least-privilege access — our team only accesses what is needed for the task at hand
- Multi-factor authentication (MFA) enforced on all administrative accounts
- Regular access reviews and prompt deprovisioning when engagements end
- Encrypted communications for all sensitive data exchanges
Incident Response
We maintain an incident response process to detect, contain, and recover from security incidents promptly. If we identify a breach affecting client data, we will notify affected parties as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988.
Responsible Disclosure
If you discover a security vulnerability on our website or systems, we encourage responsible disclosure. Please contact us at [email protected] with details of the vulnerability. We will acknowledge receipt, investigate promptly, and keep you informed of the resolution.
Questions
For questions about our security practices, contact us at [email protected].