User Agreement
This User Agreement governs access to Sky Nexus client portals, security dashboards, and managed-service platforms. It supplements the Terms of Service and applicable master service agreements. Access to our platforms constitutes acceptance of this Agreement and compliance with the Cybercrime Act 2001 (Cth), the Criminal Code Act 1995 (Cth), and the Privacy Act 1988 (Cth).
Identity and access management (ISO/IEC 27001:2022 Annex A.8 / ASD ISM)
Accounts are provisioned in accordance with ISO/IEC 27001:2022 Annex A.8 (access control) and the ASD Information Security Manual (ISM) access management controls.
- Accounts are strictly personal and must not be shared — each user must have a unique identity
- Multi-factor authentication (MFA) is mandatory for all platform accounts; TOTP or hardware key (FIDO2/WebAuthn) preferred
- Passwords must meet minimum complexity requirements per NIST SP 800-63B: 12+ characters, no mandatory rotation unless compromise suspected
- Privileged accounts are subject to enhanced vetting and time-limited access (principle of least privilege)
- Accounts inactive for 90 consecutive days are automatically suspended pending review
- Access is revoked within 24 hours of notification that a user has left their organisation or changed roles
Permitted use
Platform access is granted solely for managing and monitoring your organisation's contracted Sky Nexus services. All access is logged and auditable.
- Viewing security event data, threat intelligence feeds, dashboards, and compliance reports
- Raising, updating, and tracking support tickets and incident notifications
- Downloading engagement deliverables and formal reports
- Managing authorised configuration items within defined service scope
- Communicating with Sky Nexus service delivery and SOC teams
Prohibited conduct (Cybercrime Act 2001 / Criminal Code 1995)
The following activities are strictly prohibited. Violations may constitute criminal offences under the Cybercrime Act 2001 (Cth), Division 477 of the Criminal Code Act 1995 (Cth), and/or result in immediate account termination and civil action.
- Accessing, modifying, or deleting data belonging to any other Sky Nexus client
- Using platform credentials to access systems, networks, or data outside the agreed engagement scope
- Attempting to bypass authentication, audit logging, or access control mechanisms
- Introducing malware, scripts, or automated tools not expressly approved by Sky Nexus
- Exporting, copying, or disclosing platform data to unauthorised parties
- Impersonating another user or Sky Nexus staff member
Audit and monitoring
All platform activity is logged and may be monitored for security, compliance, and service quality purposes in accordance with the Privacy Act 1988 (Cth) and the Telecommunications (Interception and Access) Act 1979 (Cth). Users consent to this monitoring by accessing the platform.
- Login events, session duration, and IP addresses are logged
- All data access, download, and modification events are recorded
- Anomalous access patterns trigger automated alerts and may trigger incident response
- Audit logs are retained for 12 months minimum and are available on request by authorised client security officers
Service availability and SLA
Sky Nexus targets 99.9% monthly uptime for client portals, exclusive of scheduled maintenance. Availability metrics are reported in the monthly service report.
- Planned maintenance — minimum 48 hours advance notice via email and in-platform banner
- Emergency maintenance (critical security patch) — may proceed without notice; notification sent within 1 hour
- Service credits are available as specified in your master service agreement where SLA targets are not met
Data handling on platform
Data uploaded to or generated within the platform by your organisation remains your property. Sky Nexus processes it solely to deliver contracted services and does not use it for any other purpose. Data is stored in ASD-PROTECTED-equivalent environments where required for government or DISP-classified engagements.
Questions about this policy?
Contact our team for clarification, to exercise your rights, or to request engagement-specific documentation.
policy@skynexus.co