Security Statement
Last updated: 21 May 2026
Our approach
Opsaro provides ITSM consulting, HaloITSM implementation, optimisation, reporting, and advisory services. In doing so, we may handle business, technical, operational, or project-related information provided by clients.
We take a practical, risk-aware approach to security. Our goal is to protect client information, use trusted systems, limit unnecessary access, and handle engagement information responsibly.
This page is a general security statement. Specific client security requirements, procurement obligations, access arrangements, or contractual controls should be agreed separately as part of a proposal, statement of work, or services agreement.
Access control
We aim to limit access to client systems and information to people who need it for the relevant engagement, and to use role-appropriate access where available.
Trusted platforms
We use reputable cloud, communication, documentation, and business systems to support delivery, administration, and client communication.
Practical handling
We aim to avoid collecting unnecessary sensitive information and to handle client-provided project information only for agreed business purposes.
Client system access
Where a client grants Opsaro access to a service management platform, cloud system, integration, mailbox, reporting environment, or related system, access should be appropriate to the task being performed.
We recommend that clients provide named accounts where possible, apply appropriate permissions, review access periodically, and remove access when it is no longer required.
Where elevated access is required, this should be limited to the relevant scope and timeframe wherever practical.
Information handling
During an engagement, Opsaro may receive information about your service desk, users, request types, workflows, assets, integrations, reporting, business processes, or operational requirements.
We use this information to assess, design, configure, support, or improve the relevant service management environment. We do not sell client information.
Personal information is handled in accordance with our Privacy Policy.
Data storage and retention
Project information may be stored in business systems used for communication, documentation, project delivery, billing, or record keeping.
We retain information for as long as reasonably necessary for service delivery, administration, legal, accounting, dispute resolution, and legitimate business purposes.
Where information is no longer required, we take reasonable steps to archive, delete, or de-identify it where appropriate.
Security incidents
If Opsaro becomes aware of a security incident involving client information, we will assess the incident, take reasonable containment steps, and communicate with affected parties where appropriate.
Where a notifiable data breach or other legal notification obligation applies, we will take steps consistent with applicable requirements.
What this statement does not claim
Unless expressly stated in writing, this statement does not represent that Opsaro holds a specific security certification, audit report, government accreditation, or compliance attestation.
If your organisation requires specific assurance material, insurance details, supplier onboarding documentation, or security questionnaires, please contact us.
Need security or procurement information?
Contact Opsaro with your request and we will provide relevant information where appropriate.