// SOVEREIGN DATA
Sovereign data protection
Your security data is sensitive. Attack maps, vulnerability findings, and incident artefacts reveal exactly how to compromise your organisation. We keep that data in Australia, under your control.
// PRINCIPLES
Our sovereign data commitments
01
Onshore security analysis
All penetration testing, vulnerability analysis, and security assessments are conducted by Australian-based engineers from Australian infrastructure.
02
No offshore security processing
We do not route your security data through offshore teams, third-party analysis platforms, or foreign cloud services for processing.
03
Client data stays in Australia
All client data, findings, and engagement artefacts are stored within Australian jurisdiction. We do not transfer security data offshore.
04
Local audit artefact storage
Reports, evidence, and engagement records are stored on Australian infrastructure with appropriate access controls and retention policies.
05
Controlled reporting
Reports and findings are shared through agreed channels. We do not upload your security data to third-party platforms without explicit approval.
06
Evidence handling
Sensitive evidence (screenshots, data extracts, credentials found during testing) is handled according to agreed protocols and securely destroyed after engagement closure.
// IN PRACTICE
What this means for your engagement
Data collection
All testing is conducted from Australian IP ranges. No data is sent to foreign analysis engines or cloud-based scanning platforms without your knowledge.
Where artefacts live
Findings, reports, and evidence are stored on encrypted Australian infrastructure. Access is limited to named SAULT engineers working on your engagement.
How reports are shared
Reports are delivered through agreed secure channels — encrypted email, secure file transfer, or in-person handoff. We do not use consumer file-sharing platforms.
What we exclude
We do not use third-party SaaS platforms that process your data offshore as part of our standard tooling. Where specific tools require cloud processing, we disclose this and get approval first.
Exceptions
If a specific engagement requires a tool or process that involves offshore data handling, we document it, explain why, and get your written approval before proceeding.
// SUITABLE ENVIRONMENTS
Who needs sovereign data handling
Government suppliers
If you handle government data or supply government systems, sovereign data handling isn't optional — it's a requirement. We help you meet your contractual and regulatory obligations.
Regulated sectors
Financial services, healthcare, and critical infrastructure operators face specific data handling requirements. Our onshore approach helps you meet them.
Critical infrastructure operators
Your security data reveals exactly how to compromise essential services. Keeping that data within Australian jurisdiction is a national security consideration.
Healthcare and financial systems
Sensitive personal data combined with security findings creates a high-value target. We help you protect both.
Need sovereign data handling?
Discuss your data handling requirements with an Australian security engineer.