Security Policy
1. Purpose of This Policy
This Security Policy outlines the controls, technologies, and procedures SharpLync uses to protect our internal systems, customer information, cloud environment, and remote support operations. Our goal is to provide transparent confidence in how we secure the data entrusted to us.
2. Security Principles We Operate By
- Zero Trust: No implicit trust. All access is verified.
- Least Privilege: Staff access only what is required for their role.
- Encryption Everywhere: Data encrypted in transit and at rest.
- Continuous Monitoring: Threats are continuously assessed and acted upon.
- Audit Logging: Key systems and support activities are logged and reviewable.
- Security by Design: We build security into every system from day one.
3. Trend Micro Vision One Security Platform
As an official Trend Micro Vision One MSP Partner, SharpLync uses this enterprise-grade platform to protect both internal systems and customer endpoints under management plans.
The Trend Micro Vision One platform provides:
- Zero-day exploit prevention
- AI-driven behavioural detection
- Endpoint Detection & Response (EDR)
- Ransomware rollback and isolation
- Email threat correlation and phishing detection
- Identity-based threat analysis
- XDR telemetry across endpoints, email, and identities
Through this platform, SharpLync receives a unified view of threats, real-time alerts, and automated actions to contain and neutralise risks quickly.
3.1 Trend Micro Code Security (GitHub Integration)
SharpLync integrates Trend Micro’s Code Security platform with our GitHub organization to identify vulnerabilities, exposed secrets, misconfigurations, and malware within our software repositories. This integration provides continuous insight into code security risks without modifying or impacting the codebase itself.
The Trend Micro GitHub integration operates in a read-only capacity, performing automated scans of selected repositories to detect:
- Critical, high, medium, and low severity vulnerabilities in dependencies
- Exposed credentials, secrets, API keys, or tokens within committed code
- Potentially malicious or suspicious code artefacts
- Misconfigurations in application structure or repository settings
Findings are surfaced through the Vision One console where they are reviewed and addressed as part of SharpLync’s secure development lifecycle. Trend Micro Code Security does not write to, change, or alter any repository content, ensuring SharpLync’s development workflow remains uninterrupted.
4. Microsoft Azure Security
All SharpLync websites, internal tools, APIs, authentication systems, and customer portals run inside the Microsoft Azure cloud platform. Azure provides enterprise-level protection that includes:
4.1 Data Encryption
- At rest: All customer and SharpLync data is encrypted using AES-256.
- In transit: All communication uses TLS 1.2 or higher.
4.2 Azure Web App Security
- Sandboxed application environments
- Automatic security patching
- Web firewall and DDoS protection
- Threat scanning with Microsoft Defender for Cloud
4.3 Azure Key Vault
SharpLync uses Azure Key Vault to store and manage all sensitive service credentials, database passwords, encryption keys, and third-party tokens. Nothing sensitive is stored in code repositories or application config files.
4.4 Network Controls
- IP-restricted access to administrative services
- Azure DDoS protection
- Private networking for databases
- Firewall rules restricting inbound traffic to approved paths only
5. Database & Financial Data Security
5.1 Azure MySQL Flexible Server
Customer data, portal information, and SharpLync system data are stored in Azure MySQL Flexible Server with enterprise security controls enabled. Databases are encrypted, access-controlled, and protected using private networking and firewalls.
5.2 Encryption and Access Control
- Encrypted at rest (AES-256)
- Encrypted in transit (TLS)
- Access limited to SharpLync applications and authorised technicians
- Separate admin and application users with least privilege access
5.3 Backup and Restore
- Automatic daily backups with point-in-time restore
- Multi-region redundancy
- No manual intervention required for backup management
5.4 Payment Data (We Do NOT Store Customer Card Information)
SharpLync does not store or process payment card data under any circumstances. All payments are securely handled by:
- Xero: invoicing and account billing
- Stripe: secure card transactions
- PayPal: optional customer checkout
These providers are PCI-DSS compliant and store card data using their own protected systems. SharpLync systems never see, store, or transmit credit card numbers, CVV codes, or bank login credentials.
6. Internal SharpLync Security Controls
6.1 Password & Credential Management
SharpLync uses Bitwarden for secure credential storage. All internal passwords, service tokens, certificates, and administrative credentials are stored in encrypted Bitwarden vaults protected by:
- Zero-knowledge encryption
- Multi-factor authentication
- Role-based access controls
- Breach monitoring and credential health auditing
Passwords are never stored in plain text, emails, or local documents.
6.2 Device Security
- Trend Micro endpoint protection
- Full disk encryption
- Secure boot enabled
- Remote wipe capabilities
- Conditional access based on device compliance
6.3 Identity Protection
- Azure Active Directory authentication
- Mandatory MFA for all SharpLync staff
- Conditional access policies to block high-risk sign-ins
- No shared accounts
6.4 Staff Privilege Controls
- Least-privilege access for all staff
- Regular access reviews
- Revocation of access on role changes or offboarding
- Activity logging for auditing purposes
7. Customer Support Security
7.1 Reverse Authentication PIN
SharpLync uses a mandatory Reverse Authentication PIN system. Before a technician discusses your account or provides assistance, you must ask them to provide the confidential PIN stored in your customer profile. If the PIN does not match, the call must be terminated immediately.
7.2 Session PIN for Remote Support
Remote sessions can only begin using a unique, time-sensitive Session PIN. Once the session ends, the PIN expires permanently and cannot be reused.
7.3 Session Recording
All remote sessions are logged and recorded for quality control, security auditing, and dispute verification. No permanent remote access tools are installed unless you provide explicit written approval.
8. Data Retention and Lifecycle Management
SharpLync retains customer data only for as long as necessary to deliver services or comply with legal obligations. When data is no longer required, it is securely deleted from production systems, and backups naturally expire through Azure's automated retention policies.
9. Incident Response & Reporting
SharpLync operates an internal incident response framework backed by Trend Micro Vision One’s threat correlation engine. Our procedures include:
- 24/7 threat monitoring
- Automated detection and containment
- Rapid isolation of compromised devices
- Immediate customer notification where relevant
- Documented remediation and after-action reporting
10. Customer Responsibilities
To maintain a secure environment, customers must:
- Keep passwords secure and private
- Maintain regular backups (unless using SharpLync Managed Backup)
- Inform SharpLync of staff changes or departures
- Notify SharpLync of suspected security incidents promptly
- Keep systems and software updated
11. Contact for Security Concerns
If you have any questions or concerns regarding this Security Policy, please contact:
SharpLync Security Team
- Email: security@sharplync.com.au
- Phone: 0492 014 463
- Address: PO Box 1081, Stanthorpe QLD 4380