Introduction

Ineket is committed to designing and delivering technology solutions that are secure, resilient, and aligned with industry best practices. As a consultancy that architects and builds business software, we do not operate as a hosting provider or data centre. However, we take responsibility for ensuring that every solution we design or implement is built with security by design and security by default.

We believe that security is a shared responsibility between Ineket, our clients, and our technology partners. This policy explains how we protect information, how we embed secure practices into our work, and how clients can rely on us to meet high standards.

Our Security Principles

Confidentiality - Access to information is limited to authorised individuals and systems.
Integrity - We ensure that data and systems remain accurate, reliable, and resistant to tampering.
Availability - We design solutions with business continuity and reliability in mind.
Accountability - Every employee, contractor, and partner is responsible for upholding security.

Technical and Operational Practices

Secure Architecture - We design solutions using the Microsoft Security Development Lifecycle (SDL), review all code against OWASP Top 10 risks, and implement Zero Trust principles where possible.
Access Controls - We recommend role-based access controls, enforce strong authentication, and encourage integration with enterprise identity platforms such as Azure Active Directory.
Encryption and Data Security - Our solutions are designed to leverage encryption in transit (TLS 1.3) and encryption at rest where supported by hosting environments.
Testing and Review - Peer review of code is mandatory, static and dynamic scanning tools are used, and penetration testing is encouraged before go-live.
Incident Response Preparedness - If vulnerabilities are found, we commit to immediate notification, analysis, and remediation in cooperation with our clients.

Governance and Compliance

All staff and contractors must complete security awareness training and sign confidentiality agreements.
Policies are reviewed annually and updated in line with evolving threats.
Our security practices are aligned with:
• ISO/IEC 27001 – Information Security Management
• ISO/IEC 27017 & 27018 – Cloud security and protection of personal data
• NIST Cybersecurity Framework
• Australian Cyber Security Centre (ACSC) Essential Eight

Introduction

Ineket respects the privacy of all clients, partners, and users. As a consultancy, we do not act as a primary data controller or processor for client data, but in the course of delivering our services we may access business information, project documentation, or limited personal information. This policy explains how we handle that information in a way that protects confidentiality and complies with the Australian Privacy Principles (APPs) and relevant international standards.

Information We Collect

Contact Information - Name, company, email, phone number, and role.
Project Information - System designs, configuration files, workflow documentation, and test data provided by clients.
Technical Information - Diagnostic logs or system information required for troubleshooting. We do not collect or retain unnecessary personal data such as consumer information or financial records unless explicitly required by a project.

How We Use Information

To deliver consultancy, software development, and integration services.
To provide technical support and maintain solutions during an engagement.
To meet contractual and legal obligations.

Data Retention and Deletion

Information is stored securely only for the duration of the project.
After completion, information is returned to the client or securely deleted in line with NIST SP 800-88 standards.
Backups and copies are minimised and controlled.

Data Sharing

We do not sell or trade client information.
Data is only shared with third-party partners when necessary for service delivery and only under strict agreements.
Lawful disclosure may be required if demanded by regulatory authorities.

Rights of Clients

Right to access and review information held by Ineket.
Right to request corrections or secure deletion of information.
Right to ask for transparency regarding how data was used during a project.

Commitment

Privacy is not optional. It is central to the trust clients place in Ineket. We apply strict handling rules, transparent communication, and compliance with international standards to protect every piece of information shared with us.

Introduction

These Terms and Conditions govern the use of Ineket’s services. By engaging with Ineket, you agree to these terms as well as any specific terms outlined in Statements of Work or contractual agreements.

Scope of Services

Ineket provides:

IT consultancy and solution architecture.
Microsoft Power Platform and custom software development.
Systems integration and automation services.
Advisory on governance, data privacy, and digital transformation.

Intellectual Property

Client IP – All solutions, code, and designs specifically commissioned belong to the client.
Ineket IP – General frameworks, methodologies, and accelerators developed by Ineket remain our intellectual property.

Client Responsibilities

Ensure data provided to Ineket is accurate and lawful.
Provide timely access to systems, stakeholders, and documentation.
Maintain ongoing compliance and operational responsibility after delivery.

Limitation of Liability

Liability is limited to the total amount paid for the specific engagement.
Ineket is not liable for indirect damages, loss of profits, or business interruption.

Confidentiality

Ineket commits to protecting all information shared during the engagement.
Confidentiality survives the termination of contracts.

Termination

Either party may terminate by providing written notice under the agreed terms.
Any outstanding obligations, including payment and confidentiality, remain enforceable.

Introduction

Partnerships with technology providers and third-party vendors are essential for modern solution delivery. Ineket integrates Microsoft technologies and other platforms to create scalable solutions. This policy explains how we ensure that integrations and partnerships remain secure, ethical, and transparent.

Partner Selection and Evaluation

Partners must demonstrate strong compliance and security standards.
Preference is given to vendors with certifications such as ISO/IEC 27001 or SOC 2 Type II.
All partners must sign Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs).

Integration Standards

Secure authentication methods such as OAuth 2.0, OpenID Connect, and Azure AD are required.
Data minimisation principles are enforced — only essential data is transferred.
Audit logging and monitoring are designed into integrations where possible.

Responsibilities

Ineket ensures integrations are implemented securely and in line with client expectations.
Partners must maintain their own compliance and security obligations.
Clients retain ownership and control of all business data.

Transparency

We are committed to making clients aware of all integrations, dependencies, and risks involved in the solutions we deliver.

Introduction

Ineket operates in industries where confidentiality is critical. We treat all client and project information as confidential.

Our Commitments

Every employee, contractor, and partner signs a Non-Disclosure Agreement (NDA) before working with client data.
Confidential information includes business processes, solution designs, intellectual property, client lists, and technical documentation.
We will never disclose or reuse client information without explicit consent.

Exceptions

Information that is publicly available.
Information already lawfully known to Ineket.
Disclosures required by law or regulatory authorities.

Duration

Confidentiality obligations remain binding even after a contract or engagement ends.

Introduction

The way data is handled defines how much clients can trust us. Ineket has strict principles for how data is stored, shared, and destroyed.

Data Handling Rules

Only project-essential data is collected.
Data is always handled through secure channels such as Microsoft OneDrive, SharePoint, or encrypted transfer methods.
Access is restricted to authorised team members.

Retention

Data is retained only for as long as needed to complete the project.
Regular reviews ensure unnecessary copies are deleted.

Deletion

On project completion, data is either returned to the client or securely erased.
Deletion processes follow NIST SP 800-88 standards.

Purpose

This policy defines how Ineket’s systems, platforms, and solutions must be used by both our internal team and our clients.

Acceptable Use

Systems may only be used for lawful, authorised business purposes.
Users must respect intellectual property rights and software licences.
Testing and sandbox environments must not be misused.

Prohibited Use

Attempting to bypass security measures.
Uploading malicious or harmful code.
Using Ineket systems for illegal or abusive purposes.

Enforcement

Misuse of systems may lead to immediate termination of access, reporting to authorities, or contract termination.

Introduction

Ineket holds itself to high ethical and professional standards. This Code of Conduct applies to all employees, contractors, and partners.

Principles

Integrity - We act honestly and transparently in all engagements.
Respect - We maintain a workplace and client environment free of harassment or discrimination.
Professionalism - We deliver services to the highest standard of quality.
Conflicts of Interest - Any conflicts must be disclosed and managed appropriately.

Commitment to Clients

We communicate openly and honestly about risks, costs, and outcomes.
We respect client ownership of data and intellectual property.
We protect confidentiality at all times.