The Vigo Group Digital Trust & Technology Governance

Trust

Technology that stays under control

The Vigo Group approaches trust through practical security, proportionate privacy handling, clear support paths, and operational discipline across the services it operates or supports.

Support Privacy Policy Terms

At a glance

Trust is not treated as a slogan. It is expressed through how systems are configured, how responsibilities are documented, how support works, and how risk is made visible rather than hidden behind complexity.

Last reviewed: 1 May 2026
Owner: Bryan Chetcuti
Operator: The Vigo Group Pty Ltd, ACN 130 524 346, Melbourne, Victoria, Australia

  • Security by default: MFA, least privilege, sensible hardening, and change discipline
  • Privacy by design: collect less, keep it tidy, and avoid unnecessary retention
  • Transparency: clear boundaries around what we do, what we do not do, and what platforms we rely on

What The Vigo Group helps with

  • simplifying systems and removing unnecessary workarounds
  • strengthening digital identity control across domains, DNS, access, and email protection
  • reducing risk through practical hardening and usable governance
  • documenting ownership, change pathways, and recovery options

The Vigo Group helps make digital trust more visible and more manageable. That includes clarifying who owns what, what controls are in place, what depends on third-party platforms, and what needs attention before it becomes operational risk.

Bounded responsibility

Trust also requires clear boundaries. The Vigo Group does not take risk ownership away from the client. The role is to make risk clearer, more manageable, and better governed.

  • 24/7 SOC monitoring is not included unless explicitly contracted through a partner
  • formal compliance certification or legal attestation is not provided
  • penetration testing is not a default deliverable, though it can be coordinated separately
  • client accountability remains with the client, supported by clearer evidence and governance

Security practices

Identity and access

Privileged access is protected with MFA where available. Access is granted on least-privilege principles, shared accounts are avoided where possible, and administrative access is reviewed on an agreed cadence.

Change control

High-impact areas such as domains, DNS, email security, identity, and core platforms are handled with care. Changes should be traceable, high-risk changes should be approved, and rollback paths should be kept simple where feasible.

Hardening

Typical hardening work may include baseline configuration review, removal of stale accounts, review of legacy access, public-site security hygiene, and documentation of ownership, runbooks, dependencies, and recovery considerations.

Monitoring and recovery

Where monitoring or backup is included, the scope is defined per service. This may include availability checks, nominated alert contacts, incident notes, defined backup coverage, storage expectations, restore validation, and recovery targets appropriate to the service.

Privacy summary

The Vigo Group aims to collect the minimum information needed to deliver and support a service. Sensitive content should not be sent through tickets or email unless specifically required and agreed.

Australian hosting and data residency are preferred where feasible. Some vendor services may store or process data in other regions depending on the platform, configuration, and engagement scope.

Full details are available on the Privacy page.

  • contact details for service delivery and support
  • billing information required for invoicing and payments
  • support information submitted through agreed channels
  • basic operational logs for reliability and abuse prevention
  • retention aligned to delivery, auditability, and reasonable business operations

Incident approach

When something goes wrong, the goal is fast clarity: understand the issue, stabilise the service, communicate appropriately, recover safely, and improve the operating model afterwards.

  • Detect and confirm the scope and impact
  • Contain the issue and stabilise critical services
  • Communicate what is known, what is being done, and what happens next
  • Recover the service and validate the outcome
  • Document cause, decisions, and prevention actions

Support expectations

Standard support operates during business hours: Monday to Friday, 9am–5pm AEST/AEDT. Requests should include the impact, relevant screenshots, timing, affected service, and the best contact details for follow-up.

  • initial triage and response
  • escalation to the relevant delivery or service lead
  • priority response where a critical service is affected

Responsible disclosure

If you believe you have found a security issue affecting a Vigo-operated service, please report it with enough information for the issue to be reviewed and reproduced.

Include the affected URL or system, steps to reproduce, and any evidence that helps confirm the issue.

  • reports will be acknowledged
  • issues will be triaged and prioritised
  • fixes will be coordinated where required
  • credit may be provided where appropriate and deserved

Platforms we may use

The Vigo Group uses third-party platforms where they are operationally appropriate. The exact vendor mix depends on the service, engagement, and client environment.

Where required, the specific vendor list and operating assumptions are documented as part of the relevant engagement or service documentation.

  • identity and productivity platforms
  • DNS, CDN, and security services
  • ticketing and support tooling
  • hosting providers and registrars
  • monitoring and alerting tools

More information

For trust, security, privacy, or support questions, email support@vigogroup.com.au or visit the support portal.

For security disclosures, include the affected service, evidence, and reproduction steps.

© 2026 The Vigo Group Pty Ltd. All rights reserved.

Melbourne, Victoria, Australia · Founded 2008