Visual Link IT runs production infrastructure in Australian-region data centres with defense-in-depth security controls.
Production environments run on AWS Sydney (ap-southeast-2) and Azure Australia East (australiaeast). On-prem and private-cloud deployments available for regulated industries.
In transit: TLS 1.2+ enforced, HSTS, certificate pinning where applicable. At rest: AES-256 encryption on all persistent storage, including database, file storage and backups.
Multi-factor authentication required for all administrative access. Role-based access controls (principle of least privilege). Audit logs for all admin actions, retained 1 year minimum.
Web Application Firewall (AWS WAF / Cloudflare), DDoS protection, rate limiting. Segregated VPCs per environment. No direct database internet exposure.
Automated dependency scanning (Dependabot, Snyk). Penetration testing annually by an independent CREST-accredited tester. Critical patches deployed within 48 hours.
Daily full backups, hourly incremental. Backups encrypted, retained 30 days minimum. Recovery time objective: 4 hours. Recovery point objective: 1 hour.
Documented incident response plan. 24/7 monitoring with alerting on anomalies. Notifiable data breaches reported to OAIC and affected individuals as required by the Privacy Act 1988.
Last updated: 16 May 2026.