PKI, HSM & IoT cryptography for Western Australia
Vendor-neutral design, migrations, crypto audits and lifecycle automation. On-site availability in Perth & WA (AWST). We align technical controls with Australian frameworks and sector obligations—especially for Mining and Pharmaceutical environments—and prepare teams for post-quantum.
PKI design & hierarchy modernisation
Offline root, issuing tiers, AIA/CDP/OCSP, HA revocation, ceremony evidence; runbooks built for mining sites and regulated pharma GMP plants.
- Profile/EKU and validity baselines aligned to ASD ISM and ACSC Essential Eight maturity
- CLM integration (Venafi / EJBCA / Keyfactor), ACME/EST device enrollment
- Change windows with blue/green rollovers and evidence packs
HSM custody & key management
M-of-N key ceremonies, RBAC/SoD, backup & recovery with auditable trails (on-prem & cloud HSMs).
- Key lifecycle aligned to ASD ISM
- Module assurance via FIPS 140-3 certified devices where required
- Evidence artefacts for IRAP and third-party assessments
Certificate lifecycle automation (CLM)
Discovery → policy → issuance → renewal across hybrid estates; SLOs for expiry MTTR, OCSP freshness, CRL age.
- Agents/APIs, ACME/EST; policy folders & approvals
- Dashboards for audits (Mining OT segments & Pharma GMP networks)
- De-risk emergency renewals with validated patterns
Post-quantum readiness
CBOM, hybrid certificates, pilot → rollout aligned to AU adoption of NIST PQC selections.
- Algorithm policy & crypto-agility design for long-lived OT and GMP assets
- Protocol & performance impact testing (handshake p95/p99)
- Parallel PKI design & deprecation plan
Cryptographic audits (infra & code)
CodeQL code scans + infra review mapped to AU controls and sector obligations.
- CBOM & removal of deprecated algorithms (SHA-1, RSA-1024, weak ciphers)
- Control mapping to Essential Eight Maturity Model & ASD ISM
- Actionable remediation & backlog grooming
IoT identity & industrial PKI
Device enrollment at scale, constrained profiles, secure boot & signing for pits, plants, pipelines and process control.
- OT guidance per ACSC Protecting ICS & ISA/IEC 62443
- HA OCSP/CRL for remote sites; intermittent connectivity patterns
- Firmware signing (LMS/HSS), supply-chain attestations
Western Australia sector focus
Mining (WA)
- Operational technology hardening guided by ACSC ICS and the WA Auditor General's better-practice guidance for critical infrastructure OT
- Alignment with WA Government Cyber Security Policy (PDF) for public entities and SOEs
- Safety governance awareness: WHS (Mines) Regulations 2022 and DMIRS processes incl. Safety Regulation System (SRS)
- Critical infrastructure context under the national SOCI Act (CIRMP rules)
Pharmaceutical / Life Sciences
- GMP controls aligned to TGA PIC/S Guide to GMP PE009-17 and PIC/S official
- Regulatory footing: Therapeutic Goods Act 1989 (TGA) / consolidated text
- Computerised systems, data integrity and batch release patterns for validated PKI and code-signing within GMP networks
- Privacy and breach response aligned to OAIC Notifiable Data Breaches scheme
Government & Regulated
- Security assessments compatible with ASD IRAP approaches
- Policy baselines: ASD ISM, Essential Eight
- For APRA-regulated entities: CPS 234 & guidance CPG 234
Policies, privacy & incident handling
- Privacy Act 1988 obligations & breach reporting: OAIC NDB scheme (overview)
- WA public sector cyber resources: WA Cyber Security Unit (Office of Digital Government)
- Latest ISM reference (for design artefacts): ASD ISM (Sep 2025 PDF)
We don’t provide legal advice. Our designs align technical controls and evidence with these frameworks so your legal/compliance teams can demonstrate conformity.
