At Fast IT and Engineering, we provide reliable and secure IT and engineering services to our clients across the Northern Territory and Australia. We take system and data security seriously, but we also recognise that no system is ever completely free from vulnerabilities.
We value the contributions of security-minded individuals who help make our systems safer. This policy explains how you can responsibly report potential security issues to us and what you can expect from us in return.
This policy aligns with the Australian Cyber Security Centre (ACSC) guidelines and the Privacy Act 1988 (Cth).

Reporting a Potential Security Vulnerability

If you believe you’ve found a security weakness in our systems or services, we want to hear from you.

1. How to contact us

Please email us at:
📧 fast.iteng@gmail.com
Use the subject line “Security Vulnerability Report” and include:
A clear description of the issue
Steps to reproduce the vulnerability
Relevant technical information (e.g., error messages, payloads, logs)
The potential impact, if known

2. Keep it confidential

Please do not publicly disclose the vulnerability until we have had the opportunity to investigate and fix it.

3. Be responsible and gentle

• Do not exploit the vulnerability or access unnecessary data.
• Do not perform excessive testing beyond what’s required to confirm the issue.
• Avoid any activity that could damage systems, degrade performance, or disrupt service.

4. Protect personal information

If you come across personal or sensitive information, including client data:

• Stop testing immediately
• Do not store, share, or copy the information
• Notify us straight away in your report

We take privacy and data protection obligations seriously.

If You Follow This Policy, Here’s What We Promise

1. We will acknowledge your report

We will confirm via email within five (5) business days that we’ve received your report.

2. We will investigate

We’ll assess the issue, verify the vulnerability, and work to address it promptly.

3. We won’t take legal action

If your actions comply with this policy and are done in good faith, Fast IT and Engineering will not initiate legal action.
If a third party attempts action related to your compliant research, we will confirm your adherence to this policy.

4. We will keep you informed

We will keep you updated as we verify the issue and work on a resolution.

5. Public acknowledgement

Once the issue is resolved, we may—if mutually agreed—discuss public disclosure or joint communication.
Public disclosure without our written consent is not allowed.

What Is Not Allowed

To protect our systems and customers, the following activities are strictly prohibited:

• Performing DoS or DDoS attacks
• Physical intrusion attempts (offices, client sites, or infrastructure)
• Social engineering of staff, clients, or suppliers
• Accessing, modifying, or deleting data
• Running automated security scanners without consent
• Any action that breaks Australian law

Scope — What Systems This Policy Covers

This policy applies to:

• The Fast IT and Engineering website (when launched)
• Email services and hosted systems directly owned or managed by us
• Digital services and online forms we operate

This policy does NOT

• Third-party platforms, software, or hosting services (e.g., Google Workspace, Microsoft 365, cloud hosts, engineering software vendors)

Issues in those systems should be reported to the relevant provider.

Legal Notes

• This policy does not grant permission to actively attack, probe, or scan our systems.
• Any testing outside the boundaries of this policy may be unlawful.
• You are responsible for ensuring your actions comply with Australian law.
• We may update this policy at any time without prior notice.

Our Appreciation

Your responsible disclosure helps us improve the security and reliability of our services. We genuinely appreciate your efforts to keep Fast IT and Engineering and our clients safe.