How we handle security.
We've been trusted with client infrastructure since 1993, without a material incident affecting a client. Here's how we keep it that way.
Every engineer and helpdesk operator is employed directly by Evolve and based on the Gold Coast or in Toowoomba. No offshoring, no outsourcing, no contractors we don't know personally.
All staff complete background checks before getting system access. Only those whose role requires it get access to client environments.
Access is controlled through our ticketing and RMM platforms with full audit logs of who connected where, and why. We apply multi-factor authentication, privileged access management, and the principle of least privilege.
For clients we back up, we don't just run the job. We verify the restore. Monthly test restores and documented recovery procedures so recovery isn't a surprise.
Endpoint protection, MDR, email security, MFA, and regular vulnerability scans. Not a single product. Every layer covers what another might miss.
We have documented procedures for responding to ransomware, account compromise, and data incidents. Every incident involving a client gets a post-incident report with timeline, impact, and remediation steps.
Responsible disclosure.
If you believe you've found a security issue affecting us or our clients, please tell us before disclosing publicly. Email service@evolvetech.com.au with the subject line "Security disclosure" and we'll respond within one business day.
Concerned about your posture?
Let's take a look.